CVE-2018-18997

The CVE-2018-18997 issue affects ABB GATE-E1 and GATE-E2 gateway Ethernet devices used in Pluto Safety PLC systems. The vulnerability stems from Improper Neutralization of Input During Web Page Generation (CWE-79): via the administrative web interface, an unauthenticated attacker can insert an HT...

Apache Portals Pluto Remote Code Execution (CVE-2018-1306)

A vulnerability exists in Apache Portals Pluto, The vulnerability is due to improper handling of http methods. A remote attacker can exploit this vulnerability by submitting a crafted request to the target server...

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit

Exploit for windows platform in category web applications Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Window...

Apache Portals Pluto 3.0.0 Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

Apache Portals Pluto 3.0.0 - Remote Code Execution

Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...

Apache Portals Pluto 3.0.0 - Remote Code Execution

Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested...

Apache Pluto Information Disclosure Vulnerability

Apache Pluto is the United States Apache Apache Software Foundation set of Portlet container runtime environment. An information disclosure vulnerability exists in the PortletV3AnnotatedDemo Multipart Portlet war file code in Apache Pluto version 3.0.0, which stems from the program's failure to...

Design/Logic Flaw

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVE-2018-1306

Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...

Multiple Marel Unauthorized Access Vulnerabilities

Marel is a supplier of state-of-the-art equipment, systems and services to the meat processing industry. Multiple Marel unauthorized access vulnerabilities can be exploited by attackers to access systems using the Pluto platform...

Libreswan Denial of Service Vulnerability (CNVD-2017-13245)

Libreswan is an IPsec implementation similar to Openswan, which is mainly used to ensure security, integrity issues in data transmission. A security vulnerability exists in Libreswan versions prior to 3.18. A remote attacker can exploit this vulnerability to cause a denial of service null pointer...

CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service NULL pointer dereference and pluto daemon restart...

CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service NULL pointer dereference and pluto daemon restart...

CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service NULL pointer dereference and pluto daemon restart...

CVE-2016-5391

libreswan before 3.18 allows remote attackers to cause a denial of service NULL pointer dereference and pluto daemon restart...

PT-2017-8714 · Libreswan · Libreswan

Name of the Vulnerable Software and Affected Versions: libreswan versions prior to 3.18 Description: The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and a restart of the pluto daemon. Recommendations: For versions prior to 3.18, update to...

Marel Food Processing Systems (Update B)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled...

libreswan security and bug fix update

3.15-8.0.1 - add libreswan-oracle.patch to detect Oracle Linux distro 3.15-8 - Resolves: rhbz1361721 libreswan pluto segfault UPDATED - Resolves: rhbz1276524 USGv6 IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request UPDATED - Resolves: rhbz1309764 ipsec barf additional man...