63 matches found
CVE-2023-44315
A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...
CVE-2023-44315
A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...
Siemens SINEMA Server 跨站脚本漏洞
Siemens SINEMA Server is a software from Siemens, Germany, developed specifically for industrial applications. It enables you to fully visualize and monitor your network. A cross-site scripting vulnerability exists in Siemens SINEMA Server V14 due to an affected application incorrectly clearing...
PT-2023-7123 · Siemens · Sinema Server
Name of the Vulnerable Software and Affected Versions: SINEMA Server V14 All versions Description: A vulnerability has been identified in the SINEMA Server application, where it improperly sanitizes certain SNMP configuration data retrieved from monitored devices. This could allow an attacker wit...
CVE-2023-38201 Keylime: challenge-response protocol bypass during agent registration
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...
New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security
Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including securi...
Softing uaToolkit Embedded 安全漏洞
Softing UaToolkit Embedded is used to support the development of embedded Opc Ua applications via client/server and publisher/subscriber communication by Softing Germany. A security vulnerability exists in Softing uaToolkit Embedded prior to version 1.41, which stems from an incorrectly formatted...
PT-2023-1148 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the monitoring application could allow an authenticated, local attacker to access a static secret key used to store both local data and...
net-mgmt/cacti is vulnerable to remote command injection
cacti team reports: A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device...
CVE-2022-31199
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and...
GHSA-FPH9-F5R6-VHQF Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
Impact Denial of Service Details OPC UA specification describes a concept named Subscriptions. Subscriptions monitor a set of Monitored Items for Notifications and return them to the Client in response to Publish requests. The server notifies the client about changes only in case the value is...
Design/Logic Flaw
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles...
CVE-2022-27968
Cynet 360 Web Portal prior to v4.5 is vulnerable. Affected component: the GET endpoint /WebApp/SettingsFileMonitor/GetFileMonitorProfiles allows attackers to access a list of monitored files and profiles through a crafted request. Root cause: insufficient access control on the GetFileMonitorProfi...
Design/Logic Flaw
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery enterprise editions only were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the us...
Authentication flaw
WebAccess/NMS Versions prior to v3.0.3Build6299 has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS...
CVE-2021-20028
creationtimestamp| type| source ---|---|--- 2021-08-04 23:23:38+00:00| seen| https://t.me/cibsecurity/26843 2022-01-26 18:54:27+00:00| published-proof-of-concept| https://t.me/arvinclub/5154 2022-02-13 11:48:22+00:00| seen| https://t.me/breachdetector/45993 2023-06-14 21:10:04+00:00| seen|...
McAfee 数据库 跨站脚本漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...
openGauss: Avoiding Asterisks (*) or 0.0.0.0 in Monitored IP Addresses
Monitored IP addresses must not contain asterisks or 0.0.0.0 because an asterisk or 0.0.0.0 indicates that all available IP addresses will be monitored. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
System Center 2012 Operations Manager SP1 Update Rollup 5
System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...
Xymon Daemon Gather Information
This module retrieves information from a Xymon daemon service formerly Hobbit, based on Big Brother, including server configuration information, a list of monitored hosts, and associated client log for each host. This module also retrieves usernames and password hashes from the xymonpasswd config...