2886 matches found
CVE-2014-0140
Red Hat CloudForms 3.1 Management Engine CFME before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request...
CVE-2014-0140
Red Hat CloudForms Management Engine (CFME) prior to 5.3 is affected. An authenticated user could access sensitive controllers and actions via direct HTTP(S) requests, enabling possible privilege escalation. The issue is documented under CVE-2014-0140 and addressed in Red Hat’s RHSA-2014:1317; re...
PT-2014-3496 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.3 Description: The issue allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. Recommendations: For versions prior to 5.3, update to version 5....
CFME: default routes expose controllers and actions
It was found that Red Hat CloudForms exposed default routes that were reachable via HTTPS requests. An authenticated user could use this flaw to access potentially sensitive controllers and actions that would allow for privilege escalation...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2014:1281 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS...
RedHat Update for kernel RHSA-2014:1281-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : kernel (RHSA-2014:1281)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1281 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux...
CentOS 7 : kernel (CESA-2014:1281)
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
supermicro-ipmi-conf NSE Script
Attempts to download an unprotected configuration file containing plain-text user credentials in vulnerable Supermicro Onboard IPMI controllers. The script connects to port 49152 and issues a request for "/PSBlock" to download the file. This configuration file contains users with their passwords ...
Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability
No description provided by source. Vendor Homepage: http://www.ubnt.com/ Tested on: Kali Linux ----------------------------------------- Affected Products/Versions: ----------------------------------------- UniFi Controller v2.4.6 mFi Controller v2.0.15 AirVision Controller v2.1.3 Note: Previous...
CVE-2014-2717
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain administrative access by visiting the change-password page...
Joomla Component (com_jphone) Local File Inclusion Vulnerability
0x01 漏洞简述 CVE-2010-3426 CNNVD-201009-171 发布时间 : 2010-09-16 影响版本 : 1.0 Alpha 3 官方主页 : http://www.4you-studio.com 下载链接 : http://www.joomlafrance.org/telecharger/download/Jphone/344bbad81cf491b6e5215e3f15fc3fb7.html 4You-Studio JPhone组件 'controller' 参数本地文件包含漏洞 Joomla!是一款开放源码的内容管理系统CMS。 Joomla!中的JPho...
Microsoft Windows XP/2000/NT 4 Locator Service Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6666/info It has been reported that the Microsoft Windows Locator service is affected by a remotely exploitable buffer overflow vulnerability. The condition is due to a memory copy of RPC arguments received from remote...
Supermicro Onboard IPMI Port 49152 Sensitive File Exposure Exploit
This module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the...
Magento 1.2 app/code/core/Mage/Adminhtml/controllers/IndexController.php email Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/33872/info Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affect...
Samsung D6000 TV Multiple Vulnerabilities
No description provided by source. Luigi Auriemma Application: Samsung devices with support for remote controllers http://www.samsung.com Versions: current Platforms: the vulnerable protocol is used on both TV and blue-ray devices so both of them should be vulnerable my tests were performed only ...
20-Year Old Vulnerability Patched in Compression Algorithm
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer LZO compression algorithm – used in some Android phones, the Linux kernel, and even Mars Rovers – was finally patched this week. Code stemming from the algorithm’s library function has existed in the wild for two decades, but was recycled ov...
MS14-025: An Update for Group Policy Preferences
Today, we released an update to address a vulnerability in Group Policy Preferences MS14-025. Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...
CVE-2014-0760
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service application crash vi...