3930 matches found
FTPGetter Professional 5.97.0.223 - Denial of Service Exploit
Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service PoC Exploit Author: FULLSHADE Vendor Homepage: https://www.ftpgetter.com/ Software Link: https://www.ftpgetter.com/ftpgetterprosetup.exe Version: v.5.97.0.223 Tested on: Windows 7 CVE : N/A...
CVE-2019-4954
CVE-2019-4954 is rejected and not used; not an active vulnerability entry.
jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...
SYS.2.2.2.A10
The aim of module SYS.2.2.2 is to protect information that is processed by and on Windows 8.1 clients. The standard requirement Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify...
Device quarantine for alternate pci assignment methods
ISSUE DESCRIPTION XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of...
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write (cisco-sa-20191016-tele-ce-filewrite)
According to its self-reported version, the Cisco TelePresence Collaboration Endpoint CE Cisco TelePresence Software is affected by a vulnerability due to improper permission assignment. An authenticated, local attacker can exploit this by logging in as the remotesupport user to write files to th...
Rockwellautomation 1763-l16awa Unspecified Vulnerability
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...
CVE-2019-17605
A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...
CVE-2019-17605
CVE-2019-17605 affects eyecomms eyeCMS (≤2019-10-15). A mass-assignment flaw lets an attacker modify a candidate id and add a password parameter to take over another candidate’s account, resulting in the other user’s password being changed. This is reported alongside CVE-2019-17604, an Insecure D...
EMC Avamar Server Incorrect Permission Assignment Vulnerability (DSA-2019-138)
According to its self-reported version number, the EMC Avamar Server software running on the remote host is version 7.4.1, 7.5.0, 7.5.1, 18.2, or 19.1 and is missing the appropriate hotfixes. A remote authenticated attacker can potentially exploit this vulnerability to view or modify sensitive back...
Design/Logic Flaw
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...
CVE-2019-3765
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could...
Code injection
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could...
CVE-2019-3765
Summary (CVE-2019-3765): Dell EMC Avamar Server (versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1) and Dell EMC Integrated Data Protection Appliance (IDPA) (versions 2.0–2.4) are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. A remote authenticated attacker could vi...
The vulnerability in the driver sound/usb/line6/driver.c file of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the sound/usb/line6/driver.c file of the Linux operating system is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to cause a service failure...