4197 matches found

NVD
added 2018/08/04 1:29 a.m., 23 views

CVE-2018-14541

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...

5.4 CVSS, 5.3 AI score, 0.00663 EPSS
Exploits: 4, References: 2
OSV
added 2018/08/04 1:29 a.m., 4 views

CVE-2018-14541

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...

5.4 CVSS, 5.8 AI score, 0.00663 EPSS
Exploits: 4, References: 2
Prion
added 2018/08/04 1:29 a.m., 11 views

Cross site scripting

PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...

3.5 CVSS, 5.2 AI score, 0.00663 EPSS
Exploits: 4, References: 2, Affected Software: 1
Krebs on Security
added 2018/07/27 3:45 p.m., 16 views

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here's a timely reminder that email isn't the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This...

6.6 AI score
Exploits: 0
exploitpack
added 2018/07/27 12:00 a.m., 25 views

NetScanTools Basic Edition 2.5 - Hostname Denial of Service (PoC)

NetScanTools Basic Edition 2.5 - Hostname Denial of Service (PoC). Exploit Title: NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service (PoC); Discovery by: Luis Martínez; Discovery Date: 2018-07-26; Vendor Homepage: https://www.netscantools.com/; Software Link :...

0.1 AI score
Exploits: 0
OSV
added 2018/07/23 2:29 p.m., 5 views

CVE-2018-14562

An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cbmodel.h...

9.8 CVSS, 5.8 AI score, 0.01753 EPSS
Exploits: 1, References: 1
OpenVAS
added 2018/07/23 12:00 a.m., 27 views

Operating System (OS) Detection (RTSP)

RTSP server based Operating System (OS) detection. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

7.3 AI score
Exploits: 0
CNVD
added 2018/07/06 12:00 a.m., 3 views

Schneider Electric SoMachine Basic XML External Entity Injection Vulnerability

Schneider Electric SoMachine Basic is software for programming and debugging components on a control platform from the French company Schneider Electric. An XML external entity injection vulnerability exists in Schneider Electric SoMachine Basic version 1.6 SP1, which stems...

7.5 CVSS, 7.7 AI score, 0.0156 EPSS
Exploits: 0, References: 1
OSV
added 2018/07/03 2:29 p.m., 3 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 1
NVD
added 2018/07/03 2:29 p.m., 16 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input...

7.5 CVSS, 7.5 AI score, 0.0156 EPSS
Exploits: 0, References: 1
Prion
added 2018/07/03 2:29 p.m., 19 views

XXE

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input...

5 CVSS, 7.4 AI score, 0.0156 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2018/07/03 2:00 p.m., 49 views

CVE-2018-7783

CVE-2018-7783 affects Schneider Electric SoMachine Basic prior to v1.6 SP1. The vulnerability is an XML External Entity (XXE) flaw triggered by unsanitized input to the XML parser, enabling disclosure/retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. Affected produ...

7.5 CVSS, 7.4 AI score, 0.0156 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2018/07/03 2:00 p.m., 18 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input...

7.5 AI score, 0.0156 EPSS
Exploits: 0, References: 1
OSV
added 2018/07/03 1:29 p.m., 5 views

CVE-2018-11746

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

9.8 CVSS, 5.8 AI score, 0.01381 EPSS
Exploits: 0, References: 2
Prion
added 2018/07/03 1:29 p.m., 16 views

Design/Logic Flaw

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

5 CVSS, 9.3 AI score, 0.01381 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2018/07/03 1:29 p.m., 13 views

CVE-2018-11746

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

9.8 CVSS, 9 AI score, 0.01381 EPSS
Exploits: 0, References: 2
CVE
added 2018/07/03 1:00 p.m., 46 views

CVE-2018-11746

CVE-2018-11746 affects Puppet Discovery prior to 1.2.0. When running against Windows, WinRM connections can fall back to basic auth over insecure channels if a HTTPS server is unavailable, exposing login credentials used by Puppet Discovery. The issue is specific to that context; upgrading to ver...

9.8 CVSS, 9.2 AI score, 0.01381 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/07/03 1:00 p.m., 18 views

CVE-2018-11746 Puppet Discovery can leak authentication information

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

8.6 CVSS, 9.4 AI score, 0.01381 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2018/06/29 12:00 a.m., 6 views

The vulnerability of the components ExportSettings.sh, updateWPS, RebootSystem, and vpnBasicSettings of the Intelbras NCLOUD 300 Wi-Fi router’s microprogramming system allows a hacker to gain access to the device with administrator privileges.

The vulnerabilities of the components ExportSettings.sh (/cgi-bin/ExportSettings.sh), updateWPS (/goform/updateWPS), RebootSystem (/goform/RebootSystem), and vpnBasicSettings (/goform/vpnBasicSettings) of the Intelbras NCLOUD 300 Wi-Fi router software are related to the use of pre-installed registration...

10 CVSS, 5.5 AI score, 0.35573 EPSS
Exploits: 5, References: 4, Affected Software: 1
OpenVAS
added 2018/06/28 12:00 a.m., 25 views

Microsoft Windows: Basic authentication (RM Client)

This test checks the setting for policy. OpenVAS Vulnerability Test $Id: winrmclientbasicauth.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow Basic authentication. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

7.3 AI score
Exploits: 0