125 matches found
Devolutions Server SQL Injection Vulnerability
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1and Devolutions Server LTS versions prior to 2020.3.18, which can be...
OpenClinic GA Web portal SQL injection vulnerability in 'manageServiceStocks.jsp' page
Summary An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...
IBM FileNet Content Manager Cross-Site Request Forgery Vulnerability
IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM USA. The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. IBM FileNet Content Manager suffers from a...
Grocy 2.7.1 Cross Site Scripting
Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...
How To Migrate from Device Administration to Android Enterprise
This article discusses considerations and recommendations for migrating from legacy Android device administration to Android Enterprise. Google is deprecating the Android Device Administration API. That API supported enterprise apps on Android devices. Android Enterprise is the modern management...
Important: Red Hat Bug Fix Advisory: Satellite 6.6.3 Async Bug Fix Update
Updated Satellite 6.6 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...
Zoho Releases Security Update on ManageEngine Desktop Central
Zoho has released a security update on a vulnerability CVE-2020-10189 affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine Desktop Central is a unified endpoint management solution...
Microsoft identity acronyms—what do they mean and how do they relate to each other?
As a security advisor working with one to three Chief Information Security Officers CISOs each week, the topic of identity comes up often. These are smart people who have often been in industry for decades. They have their own vocabulary of acronyms that only security professionals know such as...
IBM Security Secret Server Input Validation Error Vulnerability
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An input validation error vulnerability exists in IBM Security Secret Serve...
Adobe Releases First 2020 Patch Tuesday Software Updates
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users...
F5 BIG-IP and F5 BIG-IQ Centralized Management Information Disclosure Vulnerability
F5 BIG-IP and F5 BIG-IQ Centralized Management are both products of F5 Corporation in the U.S. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ Centralized Management is a suite of...
HMS Netbiter WS100 3.30.5 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2018-042 Product: Netbiter WS100 Manufacturer: HMS Industrial Networks AB Affected Versions: 3.30.5 = Tested Versions: 3.30.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Low Solution Status: Fixed Manufacturer...
AlgoSec Detection
Detection of AlgoSec Security Management Solution. The script sends a connection request to the server and attempts to detect AlgoSec and to extract its version. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted...
Juniper Junos Space Elevation of Privilege Vulnerability
Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. An elevation of privilege vulnerability exists in Juniper Junos Space. A local attacker cou...
Cisco Prime LAN Management Solution Session Fixation Vulnerability
According to its self-reported version, the Cisco Prime LAN Management Solution LMS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. C Tenable Network Security, Inc. include"compat.inc"; if description...
CVE-2017-12225
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...
CVE-2017-12225
CVE-2017-12225 affects Cisco Prime LAN Management Solution (LMS) session handling. The issue arises from reusing a preauthentication session token in the postauthentication flow, allowing an authenticated remote attacker to hijack another user’s administrative session (Session Fixation). Affected...
CVE-2017-12225
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vulnerability
Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vendor: Schneider Electric SE...
Pelco VideoXpert 1.12.105 - Directory Traversal
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillance...