2927 matches found

erpscan
added 2017/03/16 12:0 a.m. · 594 views

Unauthorized Container Shutdown In ServerMigrationCoordinator

Application: Oracle PeopleSoft Versions Affected: PeopleSoft FSCM 9.2 Vendor: Oracle Bug: Missing Authentication for Critical Function Reported: 16.03.2017 Vendor response: 17.03.2017 Date of Public Advisory: 18.07.2017 Reference: Oracle CPU July 2017 Authors: Vahagn Vardanyan ERPScan VULNERABILI...

CVSS 5 · AI score 0.2 · EPSS 0.04212
Exploits: 0

erpscan
added 2017/03/04 12:0 a.m. · 509 views

SAP POS Missing Authentication in XpressServer

Application: SAP POS Xpress Server Vendor URL: SAP Bugs: Missing Authentication Reported: 03.04.2017 Vendor response: 04.04.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2520064 Author: Dmitry Chastuhin ERPScan VULNERABILITY INFORMATION Class: Missing Authentication Check...

AI score 0.1
Exploits: 0

erpscan
added 2017/02/27 12:0 a.m. · 501 views

SAP Hostcontrol unprotected web method / DOS

Application: SAP Host Agent Versions Affected: SAP Host Agent 7.21 Vendor URL: SAP Bugs: Missing Authentication Reported: 27.02.2017 Vendor response: 28.02.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2442993 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...

AI score 0.4
Exploits: 0

CERT
added 2017/02/15 12:0 a.m. · 22 views

Hughes satellite modems contain multiple vulnerabilities

Overview Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured. Description Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to the following issues if not...

CVSS 8.8 · AI score 8 · EPSS 0.02214
Exploits: 0

Positive Technologies
added 2017/01/29 12:0 a.m. · 4 views

PT-2017-4199 · Apache +2 · Apache Zookeeper +2

Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions prior to 3.4.10 Apache ZooKeeper versions prior to 3.5.3 Description: The issue is related to the lack of authentication for a critical function in the implementation of the wchp/wchc command in Apache ZooKeeper, whi...

CVSS 8.8 · AI score 7.2 · EPSS 0.73654
Exploits: 4 · References: 78

ThreatPost
added 2016/12/13 4:25 p.m. · 22 views

Beta Firmware Updates Available for Vulnerable Netgear Routers

Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week. The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. The flaw allows attackers to car...

AI score 0.2
Exploits: 8 · References: 5

0day.today
added 2016/11/23 12:0 a.m. · 41 views

TP-LINK TDDP - Multiple Vulnerabilities

Exploit for hardware platform in category dos / poc 1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-1...

AI score 7
Exploits: 0

Packet Storm
added 2016/11/23 12:0 a.m. · 69 views

TP-LINK TDDP Buffer Overflow / Missing Authentication

Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User...

AI score 0.7
Exploits: 0

Exploit DB
added 2016/11/22 12:0 a.m. · 73 views

TP-LINK TDDP - Multiple Vulnerabilities

Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User...

AI score 7.4
Exploits: 0

Core Security
added 2016/11/21 12:0 a.m. · 632 views

TP-LINK TDDP Multiple Vulnerabilities

1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: https://www.coresecurity.com/core-labs/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode:...

AI score 9
Exploits: 0

CERT
added 2016/10/25 12:0 a.m. · 41 views

Zizai Tech Nut contains multiple vulnerabilities

Overview Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6547 The Nut mobile app stores the account password used to authenticate to the cloud API in...

CVSS 9.8 · AI score 6.8 · EPSS 0.03707
Exploits: 3 · References: 2

CERT
added 2016/10/25 12:0 a.m. · 39 views

iTrack Easy contains multiple vulnerabilities

Overview iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-200: Information Exposure - CVE-2016-6542 The iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the...

CVSS 9.8 · AI score 6.7 · EPSS 0.03435
Exploits: 1 · References: 2

CERT
added 2016/10/25 12:0 a.m. · 37 views

TrackR Bravo contains multiple vulnerabilities

Overview TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6538 The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in...

CVSS 8.8 · AI score 6.8 · EPSS 0.01286
Exploits: 2 · References: 2

Saint
added 2016/05/31 12:0 a.m. · 41 views

HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

CVSS 9.3 · AI score 9.7 · EPSS 0.94297
Exploits: 14

Saint
added 2016/05/31 12:0 a.m. · 32 views

HP Data Protector missing authentication

Added: 05/31/2016 CVE: CVE-2016-2004 Background HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. Problem Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote...

CVSS 9.3 · AI score 9.7 · EPSS 0.94297
Exploits: 14

CERT
added 2016/05/13 12:0 a.m. · 44 views

Lantronix xPrintServer contains multiple vulnerabilities

Overview The Lantronix xPrintServer and its accompanying cloud storage API contain several vulnerabilities. Description CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' - CVE-2014-9002 An unauthenticated attacker can include a shell command inside the 'c'...

CVSS 10 · AI score 10 · EPSS 0.05073
Exploits: 2 · References: 3

ICS
added 2016/04/15 6:0 a.m. · 49 views

Tollgrade Smart Grid EMS LightHouse Vulnerabilities

OVERVIEW Ashish Kamble of Qualys, Inc. has identified vulnerabilities in Tollgrade Communications, Inc.’s Smart Grid LightHouse Sensor Management System SMS Software EMS. Tollgrade has produced a new version to mitigate these vulnerabilities. Ashish Kamble has tested the new version to validate...

CVSS 7.5 · AI score 7.4 · EPSS 0.02867
Exploits: 0 · References: 10

Check Point Advisories
added 2016/03/16 12:0 a.m. · 4 views

Apache ActiveMQ Shutdown Command Denial of Service (CVE-2014-3576)

A denial of service vulnerability exists in Apache ActiveMQ. The vulnerability is due to missing authentication for the undocumented shutdown command. A remote, unauthenticated attacker may exploit this vulnerability by sending crafted packets to the server. Successful exploitation could lead to ...

CVSS 5 · AI score 5.1 · EPSS 0.12794
Exploits: 0

CNVD
added 2016/01/21 12:0 a.m. · 1 views

we7cms file upload vulnerability

we7cms is a content management system built on ASP.NET. we7cms V3.0 has a file upload vulnerability, mainly caused by information leakage that exposes the back-end upload service; the upload service does not verify identity, and the file format...

AI score 6.8
Exploits: 0

ATTACKERKB
added 2015/12/24 1:59 a.m. · 3 views

CVE-2015-7931

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support...

CVSS 8.7 · AI score 5.5 · EPSS 0.01295
Exploits: 0 · References: 3