494 matches found

Tenable Nessus
added 2020/03/02 12:0 a.m. · 47 views

openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-272)

This update for cacti, cacti-spine fixes the following issues:

cacti-spine was updated to version 1.2.9.

Security issues fixed:

- CVE-2009-4112: Fixed a privilege escalation bsc1122535.
- CVE-2018-20723: Fixed a cross-site scripting (XSS) vulnerability bsc1122245.
- CVE-2018-20724: Fixed a...

CVSS 9 · AI score 6.8 · EPSS 0.42974
Exploits 9 · References 23

OSV
added 2020/01/20 5:15 a.m. · 2 views

DEBIAN-CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 8.8 · AI score 6.8 · EPSS 0.42974
Exploits 1 · References 1

NVD
added 2020/01/20 5:15 a.m. · 17 views

CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 9 · AI score 8.8 · EPSS 0.42974
Exploits 1 · References 9

OSV
added 2020/01/20 5:15 a.m. · 17 views

CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 8.8 · AI score 7.3 · EPSS 0.42974
Exploits 1 · References 9

OSV
added 2020/01/20 5:15 a.m. · 1 views

UBUNTU-CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 8.8 · AI score 7 · EPSS 0.42974
Exploits 1 · References 3

AlpineLinux
added 2020/01/20 4:6 a.m. · 64 views

CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 9 · AI score 8.9 · EPSS 0.42974
Exploits 1 · References 9

Debian CVE
added 2020/01/20 4:6 a.m. · 32 views

CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...

CVSS 9 · AI score 6.2 · EPSS 0.42974
Exploits 1

Positive Technologies
added 2020/01/20 12:0 a.m. · 2 views

PT-2020-19487 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.8

Description: The issue allows remote code execution by privileged users through shell metacharacters in the Performance Boost Debug Log field of poller automation.php. This occurs when a new poller cycle begins, requiring...

CVSS 9.8 · AI score 6.7 · EPSS 0.94469
Exploits 162 · References 234

CNVD
added 2020/01/20 12:0 a.m. · 1 views

Cacti Remote Code Execution Vulnerability (CNVD-2020-03255)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to collect data, draws graphs with RRDtool for analysis, and provides data and user management features. A security vulnerability exists in Cacti version 1.2.8. An attacker...

CVSS 9 · AI score 7.7 · EPSS 0.42974
Exploits 1 · References 1

OSV
added 2020/01/17 4:15 p.m. · 2 views

CVE-2019-20003

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...

CVSS 6.1 · AI score 6.3 · EPSS 0.00317
Exploits 1 · References 2

NVD
added 2020/01/17 4:15 p.m. · 23 views

CVE-2019-20003

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...

CVSS 6.1 · AI score 6 · EPSS 0.00317
Exploits 1 · References 2

Prion
added 2020/01/17 4:15 p.m. · 10 views

Design/Logic Flaw

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...

CVSS 4.3 · AI score 5.9 · EPSS 0.00317
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2020/01/17 3:1 p.m. · 32 views

CVE-2019-20003

Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authentication...

AI score 6 · EPSS 0.00317
Exploits 1 · References 2

CVE
added 2020/01/17 3:1 p.m. · 59 views

CVE-2019-20003

CVE-2019-20003 affects Feldtech easescreen Crystal 9.0 Web-Services (version 9.0.1.16265). The stored XSS vulnerability exists in the Debug-Log and Display-Log components and can be triggered when an attacker sends a crafted string for FTP authentication. CVSS metrics indicate a network-based, me...

CVSS 6.1 · AI score 5.8 · EPSS 0.00317
Exploits 1 · References 2 · Affected Software 1

CNVD
added 2019/12/04 12:0 a.m. · 2 views

Dell Command Update Arbitrary File Deletion Vulnerability

Dell Command Update is part of the Dell Client Command Suite and can be used to get all the latest driver, firmware and BIOS updates for Latitude, Optiplex and Precision systems. An arbitrary file deletion vulnerability exists in Dell Command Update versions prior to 3.1, which can be exploited b...

CVSS 5.6 · AI score 6.8 · EPSS 0.00049
Exploits 0 · References 1

CNVD
added 2019/11/26 12:0 a.m. · 4 views

Nitro Software Nitro Pro Input Validation Error Vulnerability

Nitro Pro is a PDF document editor from the U.S. company Nitro Software. The software supports PDF document editing, PDF document formatting, encryption of PDF documents and other functions. An input validation error vulnerability exists in Nitro Software Nitro Pro versions prior to 13....

CVSS 7.8 · AI score 7.6 · EPSS 0.00005
Exploits 1 · References 1

0day.today
added 2019/11/22 12:0 a.m. · 111 views

Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback Exploit

There is a use-after-free issue in JScript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...

CVSS 7.5 · AI score 7.7 · EPSS 0.83036
Exploits 3

OSV
added 2019/11/21 3:15 p.m. · 1 views

CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

CVSS 7.8 · AI score 5.8 · EPSS 0.00005
Exploits 1 · References 1

ATTACKERKB
added 2019/11/21 3:15 p.m. · 3 views

CVE-2019-18958

Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this can have a security risk if debug.log is later edited and then executed...

CVSS 7.8 · AI score 7.5 · EPSS 0.00005
Exploits 1 · References 2

OSV
added 2019/11/20 1:33 a.m. · 30 views

GHSA-8VH8-VC28-M2HF Potential to access user credentials from the log files when debug logging enabled

A flaw was found, in all versions under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

CVSS 9.8 · AI score 9.1 · EPSS 0.00448
Exploits 0 · References 5