CodeWrights GmbH HART DTM Vulnerability

OVERVIEW Independent researcher Alexander Bolshev has identified an improper input validation vulnerability in CodeWrights GmbH HART Device Type Manager DTM libraries. CodeWrights GmbH produces DTM libraries for vendors of HART DTM products. CodeWrights GmbH has updated the libraries that mitigat...

ZYXEL PMG5318-B20A - OS Command Injection

ZYXEL PMG5318-B20A - OS Command Injection Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...

ZyXEL PMG5318-B20A - OS Command Injection Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...

ZYXEL PMG5318-B20A - OS Command Injection

Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6018 Vulnerability Details CWE-20 :...

Siemens RUGGEDCOM ROX-based Devices NTP Vulnerabilities

OVERVIEW Siemens has reported to NCCIC/ICS-CERT that NTP daemon vulnerabilities exist in the Siemens RUGGEDCOM ROX-based devices. Siemens has produced firmware updates to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens...

kingcms任意php文件删除（可截断时升级为任意文件删除 ）

简要描述： 设计不当导致任意php文件删除 详细说明： 漏洞文件：global.php 好像是所有php文件都会调用该文件，该文件如下代码 //当cachepath值被提交过来的时候，删除对应的临时缓存文件 if!empty$POST'cachepath' $cachepath=ROOT.PATHCACHE.'/'.$POST'cachepath'.'.php'; ifisfile$cachepath unlink$cachepath;...

Nuts CMS - PHP Remote Code Injection Execution

Nuts CMS - PHP Remote Code Injection Execution "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost /"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $path = $argv2; $pack = "GET $pathnuts/login.php?r= HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Cmd: %s\r\n"; $pack.=...

Blue Coat SSL Visibility Appliance contains multiple vulnerabilities

Overview Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities. Description Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800, versions 3.6.x to 3.8.3, contain multiple vulnerabilities.CWE-352: Cross-Site...

Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Linux

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

VulnCheck KEV: CVE-2014-8361

Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request...

NetCat CMS 3.12 HTML Injection

NetCat CMS 3.12 HTML Injection Security Vulnerabilities Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities Product: NetCat CMS Content Management System Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version: 3.12...

Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities

Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...

Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities

OVERVIEW Siemens has reported two improper input validation vulnerabilities discovered separately by Prof. Dr. Hartmut Pohl of softScheck GmbH and Arne Vidström of Swedish Defence Research Agency FOI in Siemens’ SIMATIC S7-1200 PLC. Siemens has produced a new version that mitigates these...

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

Cisco Integrated Management Controller Privilege Escalation Vulnerability

Cisco Integrated Management Controller contains a vulnerability that could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the map-nfs command. An attacker could exploit this vulnerability by sendin...

VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read

No description provided by source. Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product:...

VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read

VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor:...

VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read

Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...

VMWare vmx86.sys Arbitrary Kernel Read

Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...

VMWare vmx86.sys Arbitrary Kernel Read

Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273 Platform: Microsoft Windows XP SP3 x86, Microsoft Windows Server 2003 SP2 x86, Microsoft Windows 7 SP1 x86 CWE Classification: CWE-20: Improper Input Validation Impact: Arbitrary Read,...