
4197 matches found

Vulnrichment
added 2019/05/22 7:36 p.m., 7 views

CVE-2018-7821

An Environment CWE-2 vulnerability exists in SoMachine Basic, all versions, and Modicon M221 all references, all versions prior to firmware V1.10.0.0 which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated...

AI score 7.1, EPSS 0.01096
Exploits 0, References 1
OSV
added 2019/05/17 4:29 p.m., 4 views

CVE-2019-5930

Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'...

CVSS 4.3, AI score 6.1
Exploits 0, References 2
Prion
added 2019/05/17 4:29 p.m., 21 views

Authentication flaw

Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'...

CVSS 4, AI score 5.5, EPSS 0.01264
Exploits 0, References 2, Affected Software 1
Microsoft KB
added 2019/05/15 12:0 a.m., 7 views

Update for Windows Server 2008 SP2: April 25, 2019

Update for Windows Server 2008 SP2: April 25, 2019 Summary This update includes the quality improvements from KB4493458, in addition to new Japanese Era related changes. Key changes include: Updates the NLS registry to support the new Japanese Era. Addresses an issue that causes the Date and Time...

AI score 7.4
Exploits 0
Kitploit
added 2019/05/12 1:9 p.m., 4614 views

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage...

CVSS 9.8, AI score 10, EPSS 0.99999
Exploits 493, References 2
Tenable Nessus
added 2019/05/08 12:0 a.m., 10 views

Rockwell Automation BASIC Language Module 1746-BAS-T Speciality I/O

Binary data 754050.prm...

AI score 7.3
Exploits 0, References 1
Tenable Nessus
added 2019/05/08 12:0 a.m., 8 views

Siemens KTP900 Basic HMI Detection

Binary data 750036.prm...

AI score 7.3
Exploits 0
Tenable Nessus
added 2019/05/08 12:0 a.m., 11 views

Rockwell Automation BASIC Language Module 1746-BAS/B Speciality I/O

Binary data 754037.prm...

AI score 7.3
Exploits 0, References 1
OSV
added 2019/05/03 5:29 p.m., 5 views

CVE-2019-1714

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 Single Sign-On SSO for Clientless SSL VPN WebVPN and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated,...

CVSS 8.6, AI score 6.5, EPSS 0.01977
Exploits 0, References 2
CVE
added 2019/05/03 4:15 p.m., 75 views

CVE-2019-1714

CVE-2019-1714 affects Cisco ASA and Cisco Firepower Threat Defense (FTD) software, where the SAML 2.0 SSO implementation has improper credential handling for NTLM or basic authentication. An unauthenticated, remote attacker could open a VPN session after another user has authenticated via SAML SS...

CVSS 8.6, AI score 7, EPSS 0.01977
Exploits 0, References 2, Affected Software 2
CNVD
added 2019/05/02 12:0 a.m., 2 views

Command Execution Vulnerability in niushop Multi-Merchant Basic v1.11

NiuShop B2B2C Multi-Merchant Mall System is a PHP open source e-commerce system designed and developed completely independently by Shanxi NiuKu Information Technology Co. A command execution vulnerability exists in the NiuShop B2B2C Multi-merchant Mall System. An attacker can achieve remote code...

AI score 8.3
Exploits 0
Cisco
added 2019/05/01 4:0 p.m., 38 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability

A vulnerability in the implementation of the Lightweight Directory Access Protocol LDAP feature in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial ...

CVSS 6.8, AI score 7.2, EPSS 0.02028
Exploits 0, References 1
Microsoft KB
added 2019/04/25 12:0 a.m., 6 views

March 19, 2019—KB4489888 (OS Build 15063.1716)

March 19, 2019—KB4489888 OS Build 15063.1716 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change plea...

AI score 5.8
Exploits 0
BDU FSTEC
added 2019/04/25 12:0 a.m., 6 views

The vulnerability of the ASN.1 BER dissector component of the Wireshark network traffic analyzer tool, which is related to the execution of operations beyond the memory limit, allows attackers to cause a service failure.

The vulnerability of the ASN.1 BER component epan/dissectors/packet-ber.c, a dissector for analyzing computer network traffic in Wireshark, is related to the execution of operations beyond the memory limits. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 7.5, AI score 6.8, EPSS 0.01398
Exploits 1, References 4, Affected Software 2
RedHat Linux
added 2019/04/23 8:46 a.m., 2 views

ovirt-engine: Missing permissions check in web ui allows a user with basic privileges to delete disks

It was discovered that in the ovirt REST API, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges e.g. Basic Operations could exploit this flaw to delete disks attached to...

CVSS 8.1, AI score 6.7, EPSS 0.01864
Exploits 0, References 4
NVD
added 2019/04/22 4:29 p.m., 16 views

CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1, AI score 6.3, EPSS 0.02414
Exploits 1, References 8
OSV
added 2019/04/22 4:29 p.m., 3 views

ALPINE-CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1, AI score 6.1, EPSS 0.02414
Exploits 1, References 1
Debian CVE
added 2019/04/22 3:5 p.m., 25 views

CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1, AI score 6.1, EPSS 0.02414
Exploits 1
AlpineLinux
added 2019/04/22 3:5 p.m., 36 views

CVE-2019-11454

Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

CVSS 6.1, AI score 6.7, EPSS 0.02414
Exploits 1
CVE
added 2019/04/22 3:5 p.m., 128 views

CVE-2019-11454

CVE-2019-11454 affects Monit before 5.25.3, with a persistent cross‑site scripting (XSS) flaw in http/cervlet.c that could be triggered via an unsanitized user field in the Authorization header during an _viewlog operation. Connected advisories show multiple distributions addressing this with fix...

CVSS 6.1, AI score 6.3, EPSS 0.02414
Exploits 1, References 8, Affected Software 1