Lucene search

41 matches found

Samba
added 2026/05/26 12:0 a.m. | 6 views

Unauthenticated Remote Code Execution

Description: Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACN_IP_TCP. Both services pass a username and password to the "check password script" that can be...

CVSS 9 | AI score 6 | EPSS 0.00392
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-5218

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.03099
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-23970

Malware in sbrugna...

CVSS 9.8 | AI score 8.8 | EPSS 0.00704
Exploits 0 | References 5

RedhatCVE
added 2025/05/22 8:58 p.m. | 1 view

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

CVSS 7.5 | AI score 6.9 | EPSS 0.00151
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 8:53 p.m. | 0 views

CVE-2021-37401

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVSS 9.8 | AI score 7.1 | EPSS 0.00704
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:20 a.m. | 9 views

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVSS 7.8 | AI score 7 | EPSS 0.90865
Exploits 17 | References 1

Gentoo Linux
added 2023/11/01 12:0 a.m. | 39 views

Netatalk: Multiple Vulnerabilities including root remote code execution

Background: Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Description: Multiple vulnerabilities have been discovered in...

CVSS 10 | AI score 8 | EPSS 0.32132
Exploits 1

NVD
added 2023/09/08 3:15 a.m. | 26 views

CVE-2014-5329

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVSS 7.5 | AI score 7.8 | EPSS 0.03099
Exploits 0 | References 1

Prion
added 2023/09/08 3:15 a.m. | 35 views

Race condition

GIGAPOD file servers Appliance model and Software model provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests CVE-2011-3192, which may lead to ...

CVSS 5 | AI score 6.7 | EPSS 0.90865
Exploits 17 | References 1 | Affected Software 3

CVE
added 2023/09/08 2:52 a.m. | 112 views

CVE-2014-5329

CVE-2014-5329 leverages a flaw in Apache HTTP Server (CVE-2011-3192) on the 8001/tcp admin interface. The root cause is improper handling of Range headers, enabling a DoS condition. Public sightings reference an Apache Range DoS (e.g., Metasploit module) and multiple advisories (CentOS/CESA, Amaz...

CVSS 7.5 | AI score 7.9 | EPSS 0.03099
Exploits 0 | References 1 | Affected Software 1

ALT Linux
added 2022/11/22 12:0 a.m. | 64 views

Security fix for the ALT Linux 10 package samba version 4.16.7-alt1

Nov. 22, 2022 Evgeny Sinelnikov 4.16.7-alt1 - Update to maintenance release of Samba 4.16 Samba15203 - Security fixes: + CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PA...

AI score 9.1 | EPSS 0.10832
Exploits 1

CNNVD
added 2022/05/25 12:0 a.m. | 1 view

TrueStack Direct Connect security vulnerability

TrueStack Direct Connect is a VPN management server from TrueStack USA, Inc. for easily connecting Windows and Mac computers to Windows domain controllers and file servers in the AWS cloud. A security vulnerability exists in TrueStack Direct Connect 1.4.7 that stems from incorrect application...

CVSS 9.8 | AI score 8.3 | EPSS 0.00451
Exploits 0 | References 3

RedHat Linux
added 2022/02/22 3:58 p.m. | 1 view

curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or an FTP server. An attacker controlling such servers could return a crafted response which could lead to curl clie...

CVSS 7.5 | AI score 6.8 | EPSS 0.00063
Exploits 1 | References 5

OSV
added 2021/12/28 1:15 p.m. | 0 views

CVE-2021-37401

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVSS 9.8 | AI score 5.7
Exploits 0 | References 4

NVD
added 2021/12/28 1:15 p.m. | 7 views

CVE-2021-37401

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVSS 9.8 | EPSS 0.00704
Exploits 0 | References 4

Prion
added 2021/12/28 1:15 p.m. | 8 views

Design/Logic Flaw

An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...

CVSS 7.5 | AI score 9.4 | EPSS 0.00704
Exploits 0 | References 4 | Affected Software 9

CVE
added 2021/12/28 12:9 p.m. | 45 views

CVE-2021-37401

IDEC PLCs are affected by CVE-2021-37401 (Plaintext storage of a password). The trusted‑credentials leakage occurs when an attacker obtains user credentials from file servers, backup repositories, or ZLD files saved on SD cards, enabling unauthorized PLC program upload/alteration/download. The jo...

CVSS 9.8 | AI score 9.3 | EPSS 0.00704
Exploits 0 | References 4 | Affected Software 3

NVD
added 2021/12/24 7:15 a.m. | 8 views

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

CVSS 7.5 | EPSS 0.00151
Exploits 0 | References 2

OSV
added 2021/12/24 7:15 a.m. | 0 views

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

CVSS 7.5 | AI score 5.7 | EPSS 0.00151
Exploits 0 | References 2

Cvelist
added 2021/12/24 6:30 a.m. | 9 views

CVE-2021-20827

Plaintext storage of a password vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows an...

AI score 7.7 | EPSS 0.00151
Exploits 0 | References 2