2927 matches found
[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...
InFocus IN3128HD Projector Missing Authentication
Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...
InFocus IN3128HD Projector Missing Authentication Vulnerability
The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable. 1. Adviso...
InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory ID Internal CORE-2015-0008 1. Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted: InFocus Release mode: User release 2. Vulnerability Information Class:...
Persistent Systems Radia Client Automation Command Execution - Ver2 (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
WordPress WPML Missing Authentication
One more vulnerability reported on March 02 and fixed in version 3.1.9: 4. Unauthenticated administrative functions An unauthenticated attacker may under certain conditions bypass WPML's nonce check and perform administrative functions. The administrative ajax functions are protected with nonces ...
Persistent Systems Radia Client Automation Command Execution (CVE-2015-1497)
A command execution vulnerability exists in Persistent Systems Radia Client Automation. The vulnerability is due to missing authentication while processing requests to the radexecd process. A remote unauthenticated attacker can exploit this vulnerability by sending crafted requests to the affecte...
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...
ntp: automatic generation of weak default key in config_auth()
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc...
BMC Track-It! contains multiple vulnerabilities
Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities Description CWE-306: Missing Authentication for Critical Function -CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke...
Iridium Pilot and OpenPort contain multiple vulnerabilities
Overview Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials CWE-798. Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perfo...
Bitdefender GravityZone < 5.1.11.432 Information Disclosure
The Bitdefender GravityZone install hosted on the remote web server has a directory traversal vulnerability. Input to the 'id' parameter of the '/webservice/CORE/downloadFullKitEpc/a/1' script is not properly sanitized. A remote attacker could exploit this issue to download arbitrary files, subje...
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-3 ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: 5.1.11.432 fixed version:...
Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities. product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact: critical homepage: http://www.bitdefender.com found:...
Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20140716-3 ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: 5.1.11.432 fixed version: =5.1.11.432...
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell
No description provided by source. Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Functio...
Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell
Exploit for hardware platform in category web applications Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...
Allied Telesis AT-RG634A Unauthenticated Webshell
Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...