19 matches found
GHSA-X8HC-FQV3-7GWF Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity
Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...
EUVD-2026-18372
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity...
CVE-2026-33950
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
PT-2026-29796
Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.24.0-beta.4 Description Signal K Server, a server application used in marine navigation systems, contains a privilege escalation issue. An unauthenticated attacker can exploit this to gain full Administrator...
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication
FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-07-freeswitch-SIP-MESSAGE-without-auth - Vendor Security Advisory:...
Security Bulletin: A vulnerability has been identified in IBM Elastic Storage System where an attacker could cause a denial of service (CVE-2020-5015)
Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System that could allow an attacker to cause a denial of service. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-5015 DESCRIPTION: IBM Elastic Storage System could allow a...
VoIPmonitor 27.6 Buffer Overflow
VoIPmonitor is vulnerable to a buffer overflow when using the live sniffer - Fixed versions: 27.6 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-03-voipmonitor-livesniffer-buffer-overflow - VoIPmonitor Security Advisory: none, changelog references fixe...
Coturn 4.5.1.x Access Control Bypass
Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn Security Advisory:...
GaussDB Kernel: Configuring Rsyslog for Unified Audit Logs
By default, unified audit logs are output to the Rsyslog on each CN. User root is authorized to configure and view the logs. Ensure that enablesecuritypolicy is Enabled. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright...
Kamailio 5.4.0 Header Smuggling Exploit
Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of removehf. Kamailio vulnerable to header smuggling possible due to bypass of removehf - Fixed versions: Kamailio v5.4.0 - Enable Security Advisory: - Tested vulnerable versions: 5.3.5 and earlier - Timeline: - Report date &...
WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website
The Web Application FirewallFingerprinting Tool. — FromEnable Security How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...
Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
''' Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-002 - Enable Security Advisory: - Vendor Advisory: - Tested vulnerable versions:...
Asterisk 14.4.0 Skinny Denial Of Service
Asterisk Skinny memory exhaustion vulnerability leads to DoS - Authors: - Alfred Farrugia - Sandro Gauci - Vulnerable version: Asterisk 14.4.0 with chanskinny enabled - References: AST-2017-004 - Enable Security Advisory: - Vendor Advisory: - Timeline: - Report date: 2017-04-13 - Digium confirmed...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom...
WFTPD Pro 3.30 - Multiple Command Remote Denial of Service Vulnerabilities
// source: https://www.securityfocus.com/bid/33426/info WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle specially crafted FTP commands in a proper manner. Attackers can exploit these issues to crash the affected application, denying...
Yet another wretched trick: Surf Jacking-vulnerability warning-the black bar safety net
Author: thorn This technique is today EnableSecurityissue. The prerequisite is to be able tointercepted trafficit. Specifically, it can monitor the uplink traffic, you can modify the downstream flow. Method by the arp spoofing, DNS spoofing, wireless monitor or the like. Some people might say, ca...
Unpassworded 'friday' Account
The account 'friday' has no password set. An attacker may use this to gain further privileges on this system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "friday"; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid11254; scriptversion"1.35";...