548 matches found
CVE-2020-6986
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result...
CVE-2020-2604
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
What Makes Island Hopping a Formidable Threat?
Island hopping is a technique used by cybercriminals to exploit less sophisticated organizations in order to breach their larger affiliates. Attackers use vulnerabilities in the first company’s defenses as a point of entry to the second. This is no small threat. In fact, half of cyber attacks tod...
Design/Logic Flaw
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
CVE-2019-2946
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286)
Vulnerability in the Java SE product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
LabCollector 5.423 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...
LabCollector 5.423 - SQL Injection
LabCollector 5.423 - SQL Injection Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Date: 09/09/2019 Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...
CVE-2019-10141
OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...
CVE-2018-2883
Vulnerability in the Oracle Retail Xstore Office component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 7.0 and 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retai...
CVE-2019-1010275
Helm before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm many files updated, see...
The vulnerability of the Network-Based Application Recognition technology implementation in Cisco IOS and Cisco IOS XE operating systems allows attackers to trigger a service failure.
The vulnerability of the Network-Based Application Recognition technology in Cisco IOS and Cisco IOS XE operating systems exists due to errors in syntactic analysis of DNS packets. Exploiting this vulnerability allows a malicious actor, who has not undergone authentication checks, to trigger a...
The vulnerability of the Network-Based Application Recognition technology in Cisco IOS and Cisco IOS XE operating systems allows a hacker to trigger a service failure.
The vulnerability of the Network-Based Application Recognition technology in Cisco IOS and Cisco IOS XE operating systems exists due to errors in syntactic analysis of DNS packets. Exploiting this vulnerability allows a malicious actor, who has not undergone authentication checks, to trigger a...
Cisco IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities
According to its self-reported version, Cisco IOS XE Software is affected by the following multiple vulnerabilities: Multiple vulnerabilities in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to...
Race condition
A vulnerability in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit...
CVE-2019-1738
A vulnerability in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit...
CVE-2019-1740
A vulnerability in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit...
Cisco IOS and IOS XE Input Validation Vulnerability
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An input validation vulnerability exists in the Network-Based Application Recognition NBAR feature in Cisco IOS and IOS XE, which stems from a parsing problem in the program that could be exploited by ...