35 matches found
CVE-2023-1862 Remote access to warp-svc.exe in Cloudflare WARP
Cloudflare WARP client for Windows up to v2023.3.381.0 allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining...
CVE-2023-1862
Cloudflare WARP client for Windows up to v2023.3.381.0 allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining...
The vulnerability of the Telnet component of the FortiTester software-defined infrastructure for diagnosing and auditing computer networks allows attackers to circumvent existing security restrictions through brute-force attacks.
The vulnerability of the Telnet component in the software-hardware environment for diagnosing and auditing computer networks, FortiTester, relates to the possibility of executing unauthorized code or commands. Exploiting this vulnerability allows a malicious actor to circumvent existing security...
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine aircraft monitoring application, which allows a violator to execute arbitrary commands
The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine monitoring application exists because measures are not taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
BrightSign Digital Signage (4k242) Cross-Site Scripting Vulnerability
BrightSign Digital Signage 4k242 is a set of digital signage multimedia playback devices from BrightSign USA. A cross-site scripting vulnerability exists in BrightSign Digital Signage 4k242 using firmware version 6.2.63 and earlier, which stems from the program failing to validate user input. A...
BrightSign Digital Signage XSS / Traversal / File Upload
Exploit Title: BrightSign Digital Signage Multiple Vulnerabilities Date: 12/15/17 Exploit Author: [email protected] Vectors: XSS, Directory Traversal, File Modification, Information Leakage The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below suffers from multiple...
Code injection
The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below has XSS via the REF parameter to /networkdiagnostics.html or /storageinfo.html...
Command injection
The network diagnostics tool CommandLineServlet in the Appliance Manager command line utility CLU in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command...
CVE-2015-2746
The network diagnostics tool CommandLineServlet in the Appliance Manager command line utility CLU in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command...
CVE-2015-2746
The CVE-2015-2746 entry applies to Websense TRITON AP-WEB 7.8.3 and V-Series appliances (pre-7.8.4 Hotfix 02). The vulnerability is a command-injection in the Appliance Manager CommandLineServlet where remote authenticated users can inject shell metacharacters via the second parameter (demonstrat...
zAnti - Android Penetration Testing Toolkit (Free!)
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...
Mobile Security Audit: zANTI
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety zANTI offers a host of penetration-testing features, including...
RedHat Update for ibutils RHSA-2012:0311-03
Check for the Version of ibutils OpenVAS Vulnerability Test RedHat Update for ibutils RHSA-2012:0311-03 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
LBL Traceroute 1.4 a5 - Heap Corruption (2)
// source: https://www.securityfocus.com/bid/1739/info Traceroute is a well-known network diagnostic tool used for analyzing the path on a network between two hosts. On unix systems, traceroute is typically installed setuid root because of its use of raw sockets. Certain versions of LBNL tracerou...