Siemens SIMATIC WinAC RTX (F) 2010 Denial of Service Vulnerability
Siemens SIMATIC WinAC RTX (F) 2010 is a PC-based fail-safe SIMATIC software controller from Siemens, Germany. A denial of service vulnerability exists in Siemens SIMATIC WinAC RTX (F) 2010. An unauthenticated attacker sending a large number of HTTP requests to a host running WinAC RTX can exploit this...
CVE-2019-17134
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
Design/Logic Flaw
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
CVE-2019-17134
CVE-2019-17134 affects OpenStack Octavia amphora-agent: vulnerable in Octavia releases 0.10.0–2.1.2, 3.0.0–3.2.0, and 4.0.0–4.1.0, where the gunicorn cert_reqs option is misconfigured (True instead of ssl.CERT_REQUIRED), allowing anyone with access to the management network to bypass client-certi...
Debian DLA-1944-1 : libapreq2 security update
It was discovered that there was a remotely-exploitable NULL pointer dereference in libapreq2, a library for manipulating HTTP requests. For Debian 8 'Jessie', this issue has been fixed in libapreq2 version 2.13-4+deb8u1. We recommend that you upgrade your libapreq2 packages. NOTE: Tenable Networ...
CVE-2019-12701
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software...
Cisco IOS XE Software Command Injection Vulnerability (cisco-sa-20190327-iosxe-cmdinj)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Web Services Management Agent (WSMA) function of Cisco IOS XE Software. The vulnerability allows an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user...
CVE-2019-4280
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503...
Information disclosure
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503...
CVE-2019-4280
IBM Sterling File Gateway (versions 2.2.0.0–6.0.1.0) has an information-disclosure vulnerability (CVE-2019-4280) where sensitive data is exposed in HTTP requests due to how the product handles requests in IBM Sterling B2B Integrator Standard Edition. Potential impact is information exposure that ...
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on...
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID:...
V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID: ZSL-2019-5536 Advisory URL:...
Qualys Cloud Platform 2.41 New Features
This release of the Qualys Cloud Platform version 2.41 includes updates and new features for new Gov clouds in AssetView / CloudView and Web Application Scanning, highlights as follows. AssetView Microsoft Azure Gov Cloud Connector – Added connector support for Microsoft Azure Gov Clouds, includi...
V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery
V-SOL GPON/EPON OLT Platform v2.03 Cross-Site Request Forgery Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is current...
Golang Go CVE-2019-16276 HTTP Request Smuggling Vulnerability
Description Golang Go is prone to an HTTP-request-smuggling vulnerability. A remote attacker may leverage this issue to poison web caches, bypass security defenses, launch cross-site scripting and HTML-injection attacks, and execute session-hijacking attacks. Other attacks are also possible...