120 matches found
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libmono-c5-1.0-cil package of the Debian GNU/Linux operating system can be exploited, resulting in a violation of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Directory traversal
Directory traversal vulnerability in TP-LINK Archer C5 1.2 with firmware before 150317, C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N 5.0 and TL-WR741ND 5.0 with...
CVE-2015-3035
TP-LINK routers are affected by CVE-2015-3035: a directory traversal in PATH_INFO triggered at /login/ that allows remote attackers to read arbitrary files. Affected models and firmware windows include Archer C5 (1.2) <150317, C7 (2.0) <150304, C8 (1.0) <150316, Archer C9 (1.0), TL-WDR35...
PT-2015-3445 · Tp Link · Tp-Link Tl-Wr741N +10
Name of the Vulnerable Software and Affected Versions: TP-LINK Archer C5 versions 1.2 with firmware before 150317 TP-LINK Archer C7 version 2.0 with firmware before 150304 TP-LINK Archer C8 version 1.0 with firmware before 150316 TP-LINK Archer C9 version 1.0 TP-LINK TL-WDR3500 version 1.0 with...
Multiple TP-LINK Products LFI Vulnerability (Apr 2015) - Active Check
Multiple TP-LINK devices are prone to a local file include LFI vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
Title: ====== Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities Date: ===== 2012-03-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=443 VL-ID: ===== 443 Introduction: ============= The Enterasys C5 is a scalable, high-performance Gigabit Ethernet switch...
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
Document Title: =============== Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=443 Release Date: ============= 2012-03-07 Vulnerability Laboratory ID VL-ID: ===================================...
[SA20378] Secure Elements Class 5 AVR Multiple Vulnerabilities
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
Code injection
Secure Elements Class 5 AVR aka C5 EVM client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages...
Design/Logic Flaw
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts...
Information disclosure
Secure Elements Class 5 AVR server aka C5 EVM before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages...
Information disclosure
Secure Elements Class 5 AVR server and client aka C5 EVM before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information...
Code injection
Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 do not validate the source address of a message, which allows remote attackers to 1 execute arbitrary code on a client or 2 forge messages to the server...
Design/Logic Flaw
The Administration Console in Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console...
CVE-2006-2715
The Administration Console in Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console...
CVE-2006-2716
CVE-2006-2716 affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The vulnerability stems from a hard-coded user ID and password, which enables remote attackers to gain access to the server. The connected sources confirm the affected component and root cause as har...
CVE-2006-2717
Affected software: Secure Elements Class 5 AVR client and server (C5 EVM) prior to 2.8.1. Vulnerability: authenticated attackers can overwrite arbitrary files (1) on a server during an update, or (2) on a client via modified pathnames, likely due to a directory traversal issue. Impact: potential ...
CVE-2006-2714
The CVE-2006-2714 issue is in Secure Elements Class 5 AVR client (aka C5 EVM) before version 2.8.1. The product does not validate the CEID of incoming messages, which can allow a remote attacker to send messages to a protected asset without knowing the proper CEID. Affected software: C5 EVM clien...
CVE-2006-2707
The CVE-2006-2707 entry affects the Secure Elements Class 5 AVR server (aka C5 EVM) prior to version 2.8.1. The root cause is that the server does not validate the peer certificate when obtaining updates, which could allow remote attackers to distribute malicious updates to clients. The available...
CVE-2006-2710
Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications...