54 matches found
11in1 CMS 1.2.1 - Local File Inclusion (LFI)
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. dot dot in the class parameter to 1 index.php or 2 admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion LFI author: daffainfo...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
Oracle WebLogic Server - Remote Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...
Allround Automations PL/SQL Developer v11 performs updates over HTTP
Overview Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands, which may allow an attacker to execute arbitrary code. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2016-2346 According to the...
HP Photosmart B210 printer SMB server buffer overflow vulnerability
Overview The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted. Description Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service...
N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password
Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...
Datum Systems satellite modem devices contain multiple vulnerabilities
Overview Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities Description CWE-220:Sensitive Data Under FTP Root - CVE-2014-2950The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no...
F5 ARX Data Manager contains a SQL injection vulnerability
Overview F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability. --- Impact A remote authenticated attack...
Xangati software release contains relative path traversal and command injection vulnerabilities
Overview Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities. Description Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities.CWE-23: Relative Path Traversal -CVE-2014-0358 The...
Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability
Overview Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user. Description CWE-200: Information ExposureWhen logged...
Pearson eSIS Enterprise Student Information System XSS vulnerability
Overview Pearson eSIS Enterprise Student Information System contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'Pearson eSIS Enterprise Student Information System contains a reflected cross-site scripting vulnerabilit...
Internet Explorer CMarkup use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the...
F5 Networks BIG-IP Edge Client information leakage vulnerability
Overview F5 Networks has reported a flaw in the BIG-IP APM and the FirePass client-side F5-signed Edge Client components. The components may leak information from memory. CWE-200 Description F5 Networks has reported a flaw in the BIG-IP APM and the FirePass client-side F5-signed Edge Client...
Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability
Overview Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 1.1.13.186, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation...
Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches contain a directory traversal vulnerability
Overview Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability CWE-23. Description CWE-23: Relative Path Traversal Emerson Network Power Avocent...
Synology DiskStation Manager arbitrary file modification
Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955Synology DiskStation Manager...
Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution
Overview The Attachmate Verastream Host Integrator VHI is vulnerable to arbitrary file uploads and execution. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-3626The Attachmate VHI Session Server, on all platforms, allows unauthenticated...
AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass
Overview AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in information leakage CWE-200. Description CWE-200: Information Exposure AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in...
TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability
Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20:Improper Input Validation- CVE-2013-3580TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...