37 matches found
CVE-2022-22156
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle PitM attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The...
CVE-2021-20158
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command...
CVE-2021-20157
It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command...
CVE-2021-20158
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command...
Trendnet AC2600 访问控制错误漏洞
Trendnet AC2600 TEW-827DRU is a wireless router. version 2.08B01 of the Trendnet AC2600 TEW-827DRU contains a security vulnerability that stems from a hidden administrative command that could be exploited to force an attacker to change the administrator password...
Loading Kernel Shellcode
In the wake of recent hacking tool dumps, the FLARE team saw a spike in malware samples detonating kernel shellcode. Although most samples can be analyzed statically, the FLARE team sometimes debugs these samples to confirm specific functionality. Debugging can be an efficient way to get around...
F5 Networks BIG-IP : Linux kernel vulnerability (K68852819)
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service use-after-free by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to...
Insufficient Storage for VSS Error "0x8004231F or Error: VSSControl: -2147467259"
Challenge The following error occurs during a task that utilizes the Microsoft VSS subsystem: VSSControl: -2147467259 Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. VSS asynchronous operation is not completed. Operation: Shadow copies commit. Code:...
CVE-2013-0083
Cross-site scripting XSS vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."...
Cross site scripting
Cross-site scripting XSS vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."...
CVE-2013-0083
CVE-2013-0083 affects Microsoft SharePoint Server 2010 SP1 (and SharePoint Foundation 2010) via a cross-site scripting (XSS) vulnerability in crafted site content that allows an attacker to inject arbitrary script/HTML. This could lead to execution of administrative commands in the context of the...
SAP NetWeaver PI SDK - XXE and XXE Tunneling
Application: SAP PI SDK Versions Affected: SAP PI SDK Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 12.03.2012 Vendor response: 13.03.2012 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1723641 Authors: Alexander Polyakov, Alexey Tyurin, Alexandr...
SAP GRMGApp - XXE and authentication bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass, XXE Exploits: YES Reported: 13.07.2012 Vendor response: 14.07.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 28.01.2013 Reference: SAP Security Not...
SAP NetWeaver SPML - XML External Entity
Application: SAP NetWeaver JAVA Versions Affected: 6.40/7.02 maybe others Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 08.04.2011 Vendor response: 09.04.2011 Patched by SAP: 11.09.2012 Date of Public Advisory: 15.12.2012 Reference: SAP Security Note 1621534...
SAP Netweaver CCMS - XML External Entity
Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1715040 Authors: Alexey Tyurin ERPScan...
Lyris ListManager Subscription Form Administrative Command Injection
The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris. According to its banner, the version of ListManager installed on the remote host does not sufficiently sanitize input to the 'pw' parameter when processing new subscription...
SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, I am not liable for any damages caused by direct or indirect use of the information or functionality provided by this advisory. I bear NO responsibility for...