524 matches found
Debian DSA-4604-1 : cacti - security update
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. CVE-2019-16723: Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified...
Fedora Update for glpi FEDORA-2019-311441d430
The remote host is missing an update for the...
PT-2020-10103 · D Link · D-Link Dsl-2680
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2680 version EU 1.03. Description: A Broken Access Control issue in the web administration interface allows an attacker to download configuration settings by submitting a "rom-0" GET request without authentication on the admin...
CVE-2019-19021
An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account with a hard-coded password in the web administration interface, with administrator privileges. Anybody can log in with this account...
CVE-2019-19018
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...
Design/Logic Flaw
An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web application is using...
Sql injection
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database...
CVE-2019-19016
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database...
Command injection
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filin...
IBM WebSphere eXtreme Scale Admin API Cross-Site Scripting Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution from IBM in the United States. The product supports dynamic caching, partitioning, replication, and management of application data and business logic across multiple servers. Admin API is one of the management API Application Programmin...
[SECURITY] Fedora 31 Update: glpi-9.4.4-1.fc31
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
CVE-2019-4115
IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158113...
Exploit for OS Command Injection in Webmin
Make-and-Break Create and exploit a vulnerable Virtual Mac...
GHSA-VXH3-MVV7-265J Cross-site scripting invenio-records
Cross-Site Scripting (XSS) vulnerability in administration interface. Impact: A Cross-Site Scripting (XSS) vulnerability was discovered when rendering JSON for a record in the administration interface. The vulnerability could be exploited by e.g. a user who had access to upload a new record, that an...
Cross-site scripting invenio-records
Cross-Site Scripting (XSS) vulnerability in administration interface. Impact: A Cross-Site Scripting (XSS) vulnerability was discovered when rendering JSON for a record in the administration interface. The vulnerability could be exploited by e.g. a user who had access to upload a new record, that an...
DRUPAL-CONTRIB-2019-055
This module enables you to add and manage additional custom permissions through the administration UI. The module doesn't sufficiently check for the proper access permissions to this page. This vulnerability is mitigated by the fact that an attacker must know the route of the Custom Permissions...
PT-2019-3771 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostic Agent version 7.2. Description: The issue exists due to the failure to neutralize special elements used in the operating system command. This allows a remote attacker to inject code that can be executed by the application,...
[SECURITY] Fedora 29 Update: glpi-9.3.4-2.fc29
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
[SECURITY] Fedora 30 Update: glpi-9.4.3-1.fc30
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...