CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges...
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...
CVE-2017-7635
The CVE-2017-7635 entry concerns QNAP NAS Proxy Server (versions up to 1.2.0) that does not utilize CSRF protections. This lack enables CSRF-style abuse against affected installations, potentially allowing unauthorized state-changing actions initiated by an authenticated user’s session. The provi...
CVE-2017-7636
CVE-2017-7636 is a cross‑site scripting (XSS) vulnerability in the QNAP NAS Proxy Server up to version 1.2.0. The issue enables remote attackers to inject arbitrary web script or HTML into pages served by the Proxy Server. The vulnerability is exploitable remotely over the network, with user inte...
CVE-2017-7639
CVE-2017-7639 affects the QNAP NAS application Proxy Server up to version 1.2.0. The issue is improper authentication of requests, enabling potential unauthorized changes to Proxy Server settings. No remediation steps are provided in the documents. CVSS metrics are listed: CVSSv2 base 5.0 (Medium...
CVE-2017-7637
CVE-2017-7637 affects QNAP NAS Proxy Server up to version 1.2.0. The vulnerability permits remote attackers to execute arbitrary OS commands with root privileges on affected systems. The records describe the vulnerable component as the Proxy Server and indicate a remote-command execution impact; ...
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...
Remote code execution
DISPUTED An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment...
CVE-2018-10682
CVE-2018-10682/10683 (WildFly 10.1.2.Final): Red Hat entries provide concrete detail that an attacker could access the administration panel on TCP port 9990 without authentication via an optional, potentially unsecured anonymous access path, followed by a misconfiguration (auto-deployment) enabl...
Socks5 Proxy Server
This module provides a socks5 proxy server that uses the builtin Metasploit routing to relay connections...
DEBIAN-CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
UBUNTU-CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
UBUNTU-CVE-2017-2825
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this...
DEBIAN-CVE-2017-2825
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this...
Solaris 10 (x86) : 120982-25
Sun Java System Web Proxy Server 4.0.17, x86 SVR4 patch: Mainte. Date this patch was last updated by Sun: Jul/01/11. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...