4197 matches found

CVE
added 2019/03/20 7:9 p.m., 42 views

CVE-2018-20644

Technical details about CVE-2018-20644 are not publicly provided in the supplied documents. Monitor for updates from official sources for affected products, impact, and remediation.

CVSS 8.8, AI score 8.8, EPSS 0.0065
Exploits: 1, References: 1, Affected Software: 1

exploitpack
added 2019/03/15 12:0 a.m., 37 views

Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow

Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None...

AI score 0.6
Exploits: 0

Exploit DB
added 2019/03/15 12:0 a.m., 51 views

Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow

Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None !/usr/bin/python This script started from PWK, Chapter 6 I a...

AI score 7.4
Exploits: 0

OSV
added 2019/03/07 7:29 p.m., 6 views

CVE-2019-1598

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The...

CVSS 7.5, AI score 7.2, EPSS 0.02518
Exploits: 0, References: 2

BDU FSTEC
added 2019/03/06 12:0 a.m., 4 views

The vulnerability of the SoMachine Basic software lies in its default access settings, which allow a perpetrator to gain access to the files of the SoMachine Basic resources.

The vulnerability of the SoMachine Basic software is related to incorrect default access settings. Exploiting this vulnerability can allow an attacker to gain access to the files of the SoMachine Basic resources...

CVSS 7.7, AI score 5.9, EPSS 0.0031
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2019/03/06 12:0 a.m., 3 views

The vulnerability of the SoMachine Basic software, related to configuration errors, allows a perpetrator to execute SoMachine.

The vulnerability of the SoMachine Basic software is related to configuration errors. Exploiting this vulnerability allows a remote attacker to execute SoMachine by sending specially crafted Ethernet messages...

CVSS 7.8, AI score 6.1, EPSS 0.01339
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2019/02/28 4:29 a.m., 3 views

DEBIAN-CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values...

CVSS 5.5, AI score 7, EPSS 0.01398
Exploits: 1, References: 1

Prion
added 2019/02/21 7:29 p.m., 20 views

Stack overflow

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GE...

CVSS 9, AI score 9.7, EPSS 0.13296
Exploits: 1, References: 1, Affected Software: 2

Positive Technologies
added 2019/02/14 12:0 a.m., 6 views

PT-2019-1482

Name of the Vulnerable Software and Affected Versions: Modicon M221 versions prior to V1.10.0.0; SoMachine Basic (affected versions not specified). Description: The issue is related to an incorrect configuration of the Ethernet interface in the Modicon M221 programmable logic controller when the...

CVSS 7.8, AI score 7.1, EPSS 0.01096
Exploits: 0, References: 8

Prion
added 2019/02/09 10:29 p.m., 14 views

Authentication flaw

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

CVSS 5, AI score 7.6, EPSS 0.01057
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2019/02/09 10:29 p.m., 2 views

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

CVSS 7.5, AI score 7.1, EPSS 0.01057
Exploits: 1, References: 1

NVD
added 2019/02/09 10:29 p.m., 13 views

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

CVSS 7.5, AI score 7.6, EPSS 0.01057
Exploits: 1, References: 1

CVE
added 2019/02/09 10:0 p.m., 40 views

CVE-2019-7675

MOBOTIX S14 MX-V4.2.1.61 devices are affected by CVE-2019-7675, where the default management interface is served over cleartext HTTP with Basic Authentication (/admin/index.html). This exposes credentials in transit, enabling potential interception of authentication material and unauthorized acce...

CVSS 7.5, AI score 7.5, EPSS 0.01057
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/02/09 10:0 p.m., 17 views

CVE-2019-7675

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI...

AI score 7.6, EPSS 0.01057
Exploits: 1, References: 1

0day.today
added 2019/01/20 12:0 a.m., 97 views

Kentix MultiSensor-LAN 5.63.00 Authentication Bypass Vulnerability

Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user...

AI score 1.9, EPSS 0.03636
Exploits: 3

Kitploit
added 2019/01/19 12:43 p.m., 328 views

dnSpy - .NET Debugger And Assembly Editor

dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR! The following pictures show dnSpy in action. It shows dnSpy editing a...

AI score 7.3
Exploits: 0, References: 2

Veracode
added 2019/01/15 9:10 a.m., 27 views

Timing Attack Vulnerability In Basic Authentication

Action Controller in the actionpack gem has a flaw in the way it compares usernames and passwords in the basic authentication authorization code. Due to the flaw, attackers can launch a timing attack by analyzing the time taken by a response and use the difference to find a valid username and...

CVSS 3.7, AI score 5.8, EPSS 0.04857
Exploits: 0, References: 2, Affected Software: 11

Veracode
added 2019/01/15 8:52 a.m., 23 views

Cross-Site Request Forgery (CSRF)

OpenShift Enterprise is vulnerable to cross-site request forgery (CSRF). The server is unable to verify the authenticity of web requests due to a lack of anti-CSRF protection mechanism in the REST API, allowing an attacker to submit requests on behalf of the user, and potentially obtain credentials...

CVSS 6.5, AI score 6.3, EPSS 0.00435
Exploits: 1, References: 12, Affected Software: 27

OSV
added 2019/01/10 10:29 p.m., 4 views

CVE-2018-5403

Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface...

CVSS 8.1, AI score 5.8
Exploits: 0, References: 1

OSV
added 2019/01/04 2:29 p.m., 4 views

CVE-2019-5310

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by sitetitle in an admin/system/basic POST request...

CVSS 6.1, AI score 6.4, EPSS 0.00675
Exploits: 1, References: 1