HP Data Protector missing authentication
Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...
Lantronix xPrintServer contains multiple vulnerabilities
Overview The Lantronix xPrintServer and its accompanying cloud storage API contain several vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2014-9002 An unauthenticated attacker can include a shell command inside the 'c'...
Tollgrade Smart Grid EMS LightHouse Vulnerabilities
OVERVIEW Ashish Kamble of Qualys, Inc. has identified vulnerabilities in Tollgrade Communications, Inc.’s Smart Grid LightHouse Sensor Management System SMS Software EMS. Tollgrade has produced a new version to mitigate these vulnerabilities. Ashish Kamble has tested the new version to validate...
Apache ActiveMQ Shutdown Command Denial of Service (CVE-2014-3576)
A denial of service vulnerability exists in Apache ActiveMQ. The vulnerability is due to missing authentication for the undocumented shutdown command. A remote, unauthenticated attacker may exploit this vulnerability by sending crafted packets to the server. Successful exploitation could lead to ...
we7cms file upload vulnerability
we7cms is a content management system built on ASP.NET. we7cms V3.0 has a file upload vulnerability, caused mainly by information leakage that exposes the back-end upload service; the upload service does not perform identity verification, and the file format...
CVE-2015-7931
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support...
[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...
InFocus IN3128HD Projector Missing Authentication Vulnerability
The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable. 1. Adviso...
InFocus IN3128HD Projector Missing Authentication
Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...
InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory ID Internal CORE-2015-0008 1. Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted: InFocus Release mode: User release 2. Vulnerability Information Class:...
Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
WordPress WPML Missing Authentication
One more vulnerability reported on March 02 and fixed in version 3.1.9: 4. Unauthenticated administrative functions An unauthenticated attacker may under certain conditions bypass WPML's nonce check and perform administrative functions. The administrative ajax functions are protected with nonces ...
Persistent Systems Radia Client Automation Command Execution (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...
ntp: automatic generation of weak default key in config_auth()
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc...
BMC Track-It! contains multiple vulnerabilities
Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities. Description CWE-306: Missing Authentication for Critical Function - CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...
Iridium Pilot and OpenPort contain multiple vulnerabilities
Overview Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials CWE-798. Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perfo...
Bitdefender GravityZone < 5.1.11.432 Information Disclosure
The Bitdefender GravityZone install hosted on the remote web server has a directory traversal vulnerability. Input to the 'id' parameter of the '/webservice/CORE/downloadFullKitEpc/a/1' script is not properly sanitized. A remote attacker could exploit this issue to download arbitrary files, subje...
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone
SEC Consult Vulnerability Lab Security Advisory 20140716-3 ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: 5.1.11.432 fixed version:...