
251 matches found

Fedora
added 2017/06/04 11:55 p.m., 39 views

[SECURITY] Fedora 24 Update: dropbear-2017.75-1.fc24

Dropbear is a relatively small SSH server and client. It's particularly useful for "embedded"-type Linux or other Unix systems, such as wireless routers...

8.8 CVSS, 2.9 AI score, 0.04104 EPSS
Exploits: 0
0day.today
added 2017/04/25 12:0 a.m., 30 views

Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation Vulnerability

An attacker can abuse functionality provided by a script which may be run with root privilege in order to elevate privilege on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1. Solarwinds LEM Privilege Escalation via Sudo Script Abuse Title: Solarwinds LEM Privilege Escalation via...

6.6 AI score
Exploits: 0
0day.today
added 2017/04/25 12:0 a.m., 38 views

Solarwinds LEM 6.3.1 Sudo Privilege Escalation Vulnerability

Due to lax filesystem permissions, an attacker can take control of a hardcoded sudo path in order to execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1. Solarwinds LEM Privilege Escalation via Controlled Sudo Path Title: Solarwinds LEM...

0.4 AI score
Exploits: 0
0day.today
added 2017/04/25 12:0 a.m., 38 views

Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read Vulnerability

The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard mapped function which lets the user import a file from the local file...

6.4 AI score
Exploits: 0
KoreLogic Security
added 2017/04/24 12:0 a.m., 513 views

Solarwinds LEM Privilege Escalation via Controlled Sudo Path

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment Impact: Privileged Access...

7.6 AI score
Exploits: 0, Affected Software: 1
Packet Storm
added 2017/04/24 12:0 a.m., 70 views

Solarwinds LEM 6.3.1 Shell Escape Command Injection

KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection Title: Solarwinds LEM Management Shell Escape via Command Injection Advisory ID: KL-001-2017-007 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt 1...

0.2 AI score
Exploits: 0
NVD
added 2017/03/30 7:59 a.m., 15 views

CVE-2016-10308

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...

10 CVSS, 9.5 AI score, 0.02104 EPSS
Exploits: 1, References: 2
OSV
added 2017/03/30 7:59 a.m., 3 views

CVE-2016-10308

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
Prion
added 2017/03/30 7:59 a.m., 9 views

Command injection

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the...

10 CVSS, 7.3 AI score, 0.02104 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2017/03/30 7:0 a.m., 46 views

CVE-2016-10308

CVE-2016-10308 affects Siklu EtherHaul radios running versions prior to 3.7.1 and 6.x prior to 6.9.0. The vulnerability stems from a built-in, hidden root account with an unchangeable password shared across all devices. This account allows access to the embedded Linux OS via both SSH and the devi...

10 CVSS, 9.3 AI score, 0.02104 EPSS
Exploits: 1, References: 2, Affected Software: 1
0day.today
added 2017/03/11 12:0 a.m., 49 views

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications. KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication URL:...

0.3 AI score
Exploits: 0
exploitpack
added 2017/03/10 12:0 a.m., 46 views

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery. KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication...

7.4 AI score
Exploits: 0
Exploit DB
added 2017/03/10 12:0 a.m., 71 views

WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery

KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-004.txt 1...

7.4 AI score
Exploits: 0
Packet Storm
added 2017/02/16 12:0 a.m., 36 views

Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write Title: Trendmicro InterScan Arbitrary File Write Advisory ID: KL-001-2017-001 Publication Date: 2017.02.15 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt 1. Vulnerability Details Affected Vendor:...

Exploits: 0
Packet Storm
added 2017/02/16 12:0 a.m., 45 views

Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation

KL-001-2017-002 : Trendmicro InterScan Privilege Escalation Vulnerability Title: Trendmicro InterScan Privilege Escalation Vulnerability Advisory ID: KL-001-2017-002 Publication Date: 2017.02.15 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-002.txt 1. Vulnerability...

0.4 AI score, 0.05864 EPSS
Exploits: 5
KoreLogic Security
added 2017/02/15 12:0 a.m., 501 views

Trendmicro InterScan Arbitrary File Write

Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x86_64; Application Version 6.5-SP2_Build_Linux_1548 Platform: Embedded Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a...

7.4 AI score
Exploits: 0, Affected Software: 2
KoreLogic Security
added 2017/02/15 12:0 a.m., 626 views

Trendmicro InterScan Privilege Escalation Vulnerability

Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x86_64; Application Version 6.5-SP2_Build_Linux_1548 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact:...

8.8 CVSS, 9.2 AI score, 0.05864 EPSS
Exploits: 5, Affected Software: 2
exploitpack
added 2016/11/07 12:0 a.m., 30 views

Sophos Web Appliance 4.2.1.3 - Remote Code Execution

Sophos Web Appliance 4.2.1.3 - Remote Code Execution KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL:...

8.1 AI score
Exploits: 0
Exploit DB
added 2016/11/07 12:0 a.m., 38 views

Sophos Web Appliance 4.2.1.3 - Remote Code Execution

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt 1. Vulnerability Details Affected Vendor:...

7.4 AI score
Exploits: 0
Packet Storm
added 2016/11/04 12:0 a.m., 44 views

Sophos Web Appliance 4.2.1.3 Privilege Escalation

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-008 Publication Date: 2016.11.03 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-008.txt 1. Vulnerability Details Affected Vendor: Soph...

1 AI score
Exploits: 0