174 matches found
Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...
CVE-2020-10214
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...
Omron PLC 1.0.0 Denial Of Service
Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Google Dork: n/a Date: 2019-12-06 Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE :...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the D-Link DSL-6740U gateway Rev. H1 allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to 1 Custom Services in Port Forwarding, 2...
CVE-2013-6811
The CVE affects the D-Link DSL-6740U gateway (Rev. H1); multiple CSRF vulnerabilities allow remote attackers to hijack administrator sessions and perform changes to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings,...
CVE-2018-19989
In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...
CVE-2018-19988
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...
Sql injection
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection...
CVE-2019-6491
CVE-2019-6491 affects RISI Gestao de Horarios v3201.09.08 rev.23 and is a SQL injection vulnerability. CVSSv3 base score 8.8 (HIGH): NETWORK, LOW attack complexity, PRIVs LOW, no user interaction; impacts Confidentiality, Integrity, Availability (HIGH). CVSSv2 base 6.5 (MEDIUM). No remediation de...
AVEVA Wonderware System Platform
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Wonderware System Platform Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User...
CVE-2018-7691 MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center SSC, versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access...
Carbon Black’s Susan An Named to Rev Boston’s 2018 Top 20 Women List
It is a great honor to announce that Rev Boston recently listed Susan An, Senior Director of Corporate Sales at Carbon Black, on its annual ‘Top 20 Women’ list. Susan is part of the fourth cohort of women to be acknowledged by Rev Boston, an event and award recognizing the top women in technology...
CVE-2018-6504 MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability
A potential Cross-Site Request Forgery CSRF vulnerability has been identified in ArcSight Management Center ArcMC in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery CSRF...
CVE-2018-6491 MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege...
Design/Logic Flaw
D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php...
CVE-2018-10106
D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0aPOSTSERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZEDGROUP%3D1 request...
CVE-2018-10108
The CVE-2018-10108 entry covers a cross-site scripting (XSS) vulnerability in D-Link DIR-815 REV. B devices, reported to affect firmware up to DIR-815_REVB_FIRMWARE_PATCH_2.07.B01, specifically in the Treturn parameter of /htdocs/webinc/js/bsc_sms_inbox.php. Public sources in the connected data c...
CVE-2018-10107
Affected product: D-Link DIR-815 Rev. B (firmware through 2.07.B01). Vulnerable component: /htdocs/webinc/js/info.php, specifically the RESULT parameter, due to inadequate input/page protection that enables cross-site scripting. Impact: an attacker could exploit the XSS to obtain authentication c...
victorsport.com XSS vulnerability
Open Bug Bounty ID: OBB-591840 Description| Value ---|--- Affected Website:| victorsport.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...