Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...
Cisco Firepower 9000 Series Resource Management Error Vulnerability
Cisco Firepower 9000 Series is a 9000 series firewall appliance from Cisco USA. The Cisco Firepower 9000 Series has a resource management error vulnerability that originates from a logic error in the field programmable gate array. An attacker could cause a denial of service by sending specially...
CVE-2019-1700
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition...
Directory traversal
Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2019-5910
Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
The vulnerability of the Manager component in the real-time data synchronization tool Oracle GoldenGate, which allows a hacker to trigger a service failure.
The vulnerability of the Manager component in the real-time data synchronization tool Oracle GoldenGate relates to the handling of a null pointer. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending an incorrect command during the TCP connection...
HOUSE GATE App for iOS vulnerable to directory traversal
Overview: HOUSE GATE App for iOS provided by HOUSE GATE inc. uses an old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability (CWE-22, CVE-2018-16202). Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#98505783: HOUSE GATE App for iOS vulnerable to directory traversal
HOUSE GATE App for iOS provided by HOUSE GATE inc. uses an old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability (CWE-22, CVE-2018-16202). Impact: A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a...
CVE-2018-18995
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing...
Hardcoded credentials
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...
Authentication flaw
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing...
CVE-2018-18995
CVE-2018-18995 affects ABB GATE-E1 and GATE-E2 Gateway Ethernet devices used in Pluto Safety PLC systems. The vulnerability is described as Missing Authentication for Critical Function: administration interfaces (Telnet/Web) accept no authentication, enabling an unauthenticated attacker to acces...
CVE-2018-18997
The CVE-2018-18997 issue affects ABB GATE-E1 and GATE-E2 gateway Ethernet devices used in Pluto Safety PLC systems. The vulnerability stems from Improper Neutralization of Input During Web Page Generation (CWE-79): via the administrative web interface, an unauthenticated attacker can insert an HT...
CVE-2018-18997
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...
ABB GATE-E1 and GATE-E2 Cross-Site Scripting Vulnerabilities
The ABB GATE-E1 and GATE-E2 are both Ethernet gateway devices from ABB Switzerland. A cross-site scripting vulnerability exists in ABB GATE-E1 (EOL 2013) and GATE-E2 (EOL Oct 2018), which can be exploited by a remote attacker to inject HTML/JavaScript payloads into arbitrary device property entries, whi...
ABB GATE-E2
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
The vulnerability of the Monitoring Manager component in the real-time data synchronization tool Oracle GoldenGate allows a hacker to gain full control over the application.
The vulnerability of the Monitoring Manager component in the real-time data synchronization tool Oracle GoldenGate arises from an operation that occurs outside the bounds of a memory buffer. Exploiting this vulnerability can allow a malicious actor to gain full control over the application using a TCP...