90 matches found

vulnersOsv
added 2021/03/22 11:29 p.m. · 3 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +5662 more potentially affected by CVE-2021-21349 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.15)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-21349 Source advisory: OSV:GHSA-F6HM-88X3-MFJV...

CVSS 8.6 · AI score 6.7 · EPSS 0.47754
Exploits: 1

Tenable Nessus
added 2020/09/23 12:0 a.m. · 29 views

Ubuntu 18.04 LTS : Debian-LAN vulnerabilities (USN-4530-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4530-1 advisory. Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change t...

CVSS 7.8 · AI score 7.4 · EPSS 0.00503
Exploits: 1 · References: 2

Ubuntu
added 2020/09/22 4:0 p.m. · 73 views

USN-4530-1: Debian-LAN vulnerabilities

Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. CVE-2019-3467...

CVSS 7.8 · AI score 7.3 · EPSS 0.00503
Exploits: 1

0day.today
added 2020/03/31 12:0 a.m. · 227 views

IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution Exploit (2)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...

CVSS 10 · AI score 0.6 · EPSS 0.86441
Exploits: 6

Exploit DB
added 2020/03/31 12:0 a.m. · 219 views

IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...

CVSS 10 · AI score 7.4 · EPSS 0.86441
Exploits: 6

0day.today
added 2020/03/28 12:0 a.m. · 347 views

IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution Exploit

IBM Cognos TM1 Server / Planning Analytics Server TM1 suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module. IBM PA / TM1, dating back to...

CVSS 10 · AI score 0.7 · EPSS 0.86441
Exploits: 6

Metasploit
added 2020/03/27 7:40 a.m. · 69 views

IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution

This module exploits a vulnerability in IBM TM1 / Planning Analytics that allows an unauthenticated attacker to perform a configuration overwrite. It starts by querying the Admin server for the available applications, picks one, and then exploits it. You can also provide an application name to...

CVSS 9.8 · AI score 9.8 · EPSS 0.86441
Exploits: 6

Debian
added 2019/12/27 10:14 p.m. · 134 views

[SECURITY] [DSA 4595-1] debian-lan-config security update

Debian Security Advisory DSA-4595-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2019 https://www.debian.org/security/faq -...

CVSS 7.8 · AI score 7.6 · EPSS 0.00503
Exploits: 1

Prion
added 2019/12/23 7:15 p.m. · 12 views

Default credentials

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals...

CVSS 7.2 · AI score 7.5 · EPSS 0.00503
Exploits: 1 · References: 10 · Affected Software: 4

Positive Technologies
added 2019/12/18 12:0 a.m. · 1 views

PT-2019-5234 · Mit +2 · Kerberos +3

Name of the Vulnerable Software and Affected Versions: Debian-edu-config versions prior to 2.11.10; debian-lan-config versions prior to 0.26. Description: The issue is related to a security flaw in privilege management. Exploitation of this flaw can allow an attacker to gain unauthorized access to...

CVSS 7.8 · AI score 7.7 · EPSS 0.00503
Exploits: 1 · References: 31

Hacker One
added 2019/03/13 5:38 a.m. · 18 views

50m-ctf: LFI on Accounting server and RCE on FliteThermostat admin server

Summary: An attacker is able to download local files on the Accounting server by leveraging improper input sanitization in the Invoice PDF generator. In the same fashion an attacker is also able to issue server-side requests on the Accounting server through user-controlled CSS, possibly leading ...

AI score 8.8
Exploits: 0

IBM Security Bulletins
added 2018/06/15 10:13 p.m. · 22 views

Security Bulletin: IBM Cognos TM1 Admin Server vulnerabilities (CVE-2012-0202)

Summary: The tm1admsd.exe server contains a security vulnerability shipped by IBM Cognos TM1 Admin Server versions 9.4.1 and 9.5.X prior to 9.5.2 FP2. The vulnerability allows a remote attacker that has access to the server and port that the server is listening on to cause a Denial of Service (DoS)...

CVSS 10 · AI score 1.3 · EPSS 0.5485
Exploits: 8 · Affected Software: 1

Japan Vulnerability Notes
added 2017/11/28 2:26 a.m. · 3 views

QND Advance/Standard vulnerable to directory traversal

Overview: QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability (CWE-22) in an administrative server due to the issue in processing input from an age...

CVSS 9.4 · AI score 7 · EPSS 0.02323
Exploits: 0 · References: 5

OSV
added 2017/11/16 1:46 a.m. · 16 views

GHSA-6494-V9FQ-FGQ2 Keystone is vulnerable to CSV injection

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

CVSS 8.8 · AI score 8.7 · EPSS 0.07217
Exploits: 4 · References: 5

NVD
added 2017/10/24 9:29 p.m. · 10 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

CVSS 8.8 · AI score 8.8 · EPSS 0.07217
Exploits: 4 · References: 3

OSV
added 2017/10/24 9:29 p.m. · 12 views

CVE-2017-15879

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

CVSS 8.8 · AI score 7
Exploits: 0 · References: 3

CNVD
added 2017/10/09 12:0 a.m. · 2 views

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)

Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from the US company Cisco. Web Admin Interface is one of its web login interfaces. A denial of service vulnerability exists in the Web Admin Interfac...

CVSS 5.3 · AI score 5.5 · EPSS 0.02197
Exploits: 0 · References: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. · 4 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the krb5-admin-server package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

CVSS 6.8 · AI score 6.3 · EPSS 0.06884
Exploits: 2 · References: 3 · Affected Software: 1

Packet Storm
added 2014/05/08 12:0 a.m. · 41 views

AVG Remote Administration Bypass / Code Execution / Static Keys

SEC Consult Vulnerability Lab Security Advisory
title: Multiple critical vulnerabilities
product: AVG Remote Administration
vulnerable version: all - except issue 2
fixed version: none - except issue 2
impact: critical...

AI score 0.6
Exploits: 0

Check Point Advisories
added 2013/08/25 12:0 a.m. · 3 views

IBM Cognos tm1admsd.exe Buffer Overflow (CVE-2012-0202)

Multiple stack-based buffer overflow vulnerabilities have been reported in IBM Cognos TM1 Admin Server...

AI score 7.1 · EPSS 0.5485
Exploits: 8