35 matches found
Synology SRM lbd service Command Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the lbd service functionality of Qualcomm lbd 1.1, as present in Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted debug command can overwrite arbitrary files with controllable content, resulting in remote code execution. An...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute remote...
F2fs-Tools F2fs.Fsck Multiple Devices Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...
Microsoft Windows Unsafe Handling Practices
Hi @ll, This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed with MS14-019 alias MSKB 2922229 and assigned CVE-2014-0315: command lines with a batch script as first...
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
Trend Micro Email Encryption Gateway 5.5 Build 1111.00 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple...
NetEx HyperIP 6.1.0 Local File Inclusion Vulnerability
NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability. Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability...
NetEx HyperIP 6.1.0 Local File Inclusion
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability Title: NetEx HyperIP Local File Inclusion Vulnerability Advisory ID: KL-001-2018-005 Publication Date: 2018.02.08 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt 1. Vulnerability Details Affecte...
NetEx HyperIP Local File Inclusion Vulnerability
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path, CWE-592: Authentication Bypass Issues Impact: Arbitrary Filesystem Reads Attack vector: HTTPS 2...
Circle with Disney check_circleservers Code Execution Vulnerability(CVE-2017-2882)
Summary An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order...
Cisco Firepower Threat Management Console Local File Inclusion
KL-001-2016-006 : Cisco Firepower Threat Management Console Local File Inclusion Title: Cisco Firepower Threat Management Console Local File Inclusion Advisory ID: KL-001-2016-006 Publication Date: 2016.10.05 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-006.txt 1...
Cisco Firepower Threat Management Console Local File Inclusion
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path Impact: Information Disclosure Attack...
Arris DG1670A Cable Modem Remote Command Execution
Vulnerability Details Affected Vendor: Arris Affected Product: Cable Modem Affected Version: DG1670A, TG1670 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path; CWE-77: Improper Neutralization of Special Elements used in a Command; CWE-522: Insufficiently...
PaperThin CommonSpot CMS contains multiple vulnerabilities
Overview PaperThin CommonSpot contains multiple vulnerabilities, which may allow an unauthenticated remote attacker to execute arbitrary code on the server. Description PaperThin CommonSpot is a content management system CMS that is based on Adobe ColdFusion. CommonSpot is composed of over 3000...
@Mail Open webmail client contains multiple vulnerabilities
Overview The @Mail Open 1.04 webmail client contains multiple vulnerabilities including; unrestricted upload of file with dangerous type CWE-434, relative path traversal CWE-23, external control of file name or path CWE-73, and information exposure CWE-200. Description The @Mail Open 1.04 webmail...
CGI Generic Local File Inclusion
The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to include a local file and disclose its content. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...