42 matches found
EUVD-2017-14305
Malware in sbrugna...
EUVD-2017-14306
Malware in sbrugna...
Bluetooth Replay Vulnerability in LEM Smart Band S10
LEM smart bracelet is a smart bracelet produced by Shenzhen Lingmeng Technology Co., Ltd, which can collect the user's steps, blood pressure, heart rate and other health data, as well as set alarm reminders bracelet vibration and other functions. LEM Smart Bracelet S10 has a Bluetooth replay...
Solarwinds LEM Insecure Update Process
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...
Solarwinds LEM 6.3.1 Hardcoded Credentials
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials Title: Solarwinds LEM Hardcoded Credentials Advisory ID: KL-001-2017-015 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-015.txt 1. Vulnerability Details Affected Vendor: Solarwinds...
Solarwinds LEM Hardcoded Credentials
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Unintended Access Attack vector: Local 2. Vulnerability Description The...
SolarWinds Log & Event Manager Security Bypass Vulnerability
SolarWinds Log and Event Manager LEM is a log and event manager from SolarWinds, Inc. that provides real-time log analysis, memory event correlation, and threat attack response. A security vulnerability exists in SolarWinds LEM versions prior to 6.3.1 Hotfix 4. An attacker could exploit the...
Solarwinds LEM Management Shell Arbitrary File Read
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-36: Absolute Path Traversal Impact: Information Disclosure Attack vector: SSH 2. Vulnerability Description The...
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path Title: Solarwinds LEM Privilege Escalation via Controlled Sudo Path Advisory ID: KL-001-2017-005 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-005.txt 1...
Solarwinds LEM Management Shell Escape via Command Injection
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Privileged Access Attack vector: SSH...
Solarwinds LEM 6.3.1 Hardcoded Credentials
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1...
Solarwinds LEM 6.3.1 Shell Escape Command Injection
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection Title: Solarwinds LEM Management Shell Escape via Command Injection Advisory ID: KL-001-2017-007 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt 1...
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read Title: Solarwinds LEM Management Shell Arbitrary File Read Advisory ID: KL-001-2017-008 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-008.txt 1. Vulnerability Details...
Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact: Privileged Access Attack vector: SSH 2. Vulnerability Description An...
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse Advisory ID: KL-001-2017-006 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt 1. Vulnerabili...
CVE-2017-7722
CVE-2017-7722 affects SolarWinds Log & Event Manager (LEM) versions before 6.3.1 Hotfix 4. The vulnerability resides in the restrictssh portion of the menuing script used when SSH is accessed with the default credentials (username: cmc, password). Exploitation can escape the restricted shell via ...
CVE-2017-7647
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands...
Design/Logic Flaw
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2017-7646
SolarWinds Log & Event Manager (LEM) prior to 6.3.1 Hotfix 4 allows an authenticated user to browse the server filesystem and read arbitrary files. Risk details are not expanded beyond this description in the provided documents. Remediation: upgrade to 6.3.1 Hotfix 4 or newer where indicated.
CVE-2017-7647
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands...