NetEx HyperIP Privilege Escalation Vulnerability

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-592: Authentication Bypass Issues Impact: Privilege Escalation Attack vector: HTTPS 2. Vulnerability Description Privileges can be escalated by abusing...

NetEx HyperIP Local File Inclusion Vulnerability

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path, CWE-592: Authentication Bypass Issues Impact: Arbitrary Filesystem Reads Attack vector: HTTPS 2...

NetEx HyperIP Authentication Bypass

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-592: Authentication Bypass Issues Impact: Authentication Bypass Attack vector: HTTPS 2. Vulnerability Description Authentication for the management...

Sophos Web Gateway 4.4.1 Cross Site Scripting

KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability Title: Sophos Web Gateway Persistent Cross Site Scripting Vulnerability Advisory ID: KL-001-2018-001 Publication Date: 2018.01.26 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-001.txt ...

Sophos Web Gateway Persistent Cross Site Scripting Vulnerability

Vulnerability Details Affected Vendor: Sophos Affected Product: Web Gateway Affected Version: 4.4.1 Platform: Embedded Linux CWE Classification: CWE-79: Improper Neutralization of Input During Web Page Generation, CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Impact:...

Splunk 6.6.x Local Privilege Escalation Vulnerability

Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges. Title: Splunk Local Privilege Escalation...

Splunk Local Privilege Escalation

Vulnerability Details Affected Vendor: Splunk Affected Product: Splunk Enterprise Affected Version: 6.6.x Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Privilege Escalation Attack vector: Local 2. Vulnerability...

Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation Vulnerabilities

Exploit for hardware platform in category remote exploits Title: Infoblox NetMRI Administration Shell Escape and Privilege Escalation Advisory ID: KL-001-2017-017 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-017.txt 1. Vulnerability...

Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation

KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation Title: Infoblox NetMRI Administration Shell Escape and Privilege Escalation Advisory ID: KL-001-2017-017 Publication Date: 2017.10.24 Publication URL:...

Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation Vulnerabilities

Exploit for cgi platform in category remote exploits Title: Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Advisory ID: KL-001-2017-019 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-019.txt 1. Vulnerability Details Affecte...

Sophos UTM 9 Management Appplication Local File Inclusion Vulnerability

Exploit for hardware platform in category remote exploits Title: Sophos UTM 9 Management Application Local File Inclusion Advisory ID: KL-001-2017-021 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-021.txt 1. Vulnerability Details Affected...

Infoblox NetMRI VM-AD30-5C6CE Factory Reset Persistence Vulnerability

Exploit for hardware platform in category remote exploits Title: Infoblox NetMRI Administration Shell Factory Reset Persistence Advisory ID: KL-001-2017-018 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-018.txt 1. Vulnerability Details...

Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation

KL-001-2017-019 : Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Title: Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Advisory ID: KL-001-2017-019 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-019.txt 1...

Infoblox NetMRI Administration Shell Factory Reset Persistence

Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: VM-AD30-5C6CE Platform: Embedded Linux CWE Classification: CWE-485: Insufficient Encapsulation Impact: Administrative Account Backdoor Attack vector: SSH 2. Vulnerability Description An authenticated user...

Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions

Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Root Access Attack vector: SSH 2. Vulnerability Description The attacker must...

Sophos UTM 9 Management Application Local File Inclusion

Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-538: File and Directory Information Exposure, CWE-264: Permissions, Privileges, and Access Controls, CWE-532: Information Exposure Through Log Files...

Sonicwall WXA5000 Console Jail Escape and Privilege Escalation

Vulnerability Details Affected Vendor: Sonicwall Affected Product: WXA5000 WAN Optimization Appliance Affected Version: 1.3.2-10-30 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Root Access Attack vector: Console 2...

Infoblox NetMRI Administration Shell Escape and Privilege Escalation

Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: 7.1.2 - 7.1.4 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-272: Least Privilege Violation Impact: Root...

Solarwinds LEM Insecure Update Process

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...

Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection Vulnerability

Exploit for cgi platform in category web applications Sonicwall Secure Remote Access SRA - Command Injection Vulnerabilities Vendor: Sonicwall Dell Product: Secure Remote Access SRA Version: 8.1.0.2-14sv Platform: Embedded Linux Discovery: Russell Sanford of Critical Start www.CriticalStart.com...