71 matches found
Design/Logic Flaw
A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An...
CVE-2018-5553
The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access...
CVE-2018-5553
The connected advisories confirm CVE-2018-5553 affects Crestron Console services on DGE-100, DM-DGE-200-C, and TS-1542-C devices. The flaw enables remote command injection via the PING command due to improper input validation, allowing code execution with root privileges. Exploitation requires no...
Security Bulletin: DB2 local escalation of privilege vulnerability affects IBM Tivoli Storage Manager Server (CVE-2015-1947)
Summary IBM Tivoli Storage Manager IBM Spectrum Protect Server is affected by an IBM DB2 software vulnerability that can result in a local user gaining root level access to which the user is not entitled. Vulnerability Details CVEID: CVE-2015-1947 DESCRIPTION: IBM DB2 software is vulnerable to a...
Cisco Integrated Management Controller Remote Code Execution Vulnerability
A vulnerability in the web-based GUI of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability exists because the affected software does not sufficiently sanitize specifi...
Vulnerability and early warning: based on the RedHat distribution of Apache Tomcat local to mention the right vulnerability-vulnerability warning-the black bar safety net
Description Tomcat recently always want to engage in some big news, a month are not to, Tomcat and burst vulnerability. 2 0 1 6 1 0 On 1 1 December, online broke the Tomcat local to mention the right vulnerability, vulnerability number CVE-2 0 1 6-5 4 2 and 5. This affected mainly is based on the...
Thunderstrike 2 Mac OS X Firmware Worm
A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week’s Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that...
Linux Australia Breached by Hackers
Linux Australia, a consortium in charge of organizing Linux conferences Down Under, acknowledged over the weekend it was breached by attackers who were able to secure access to one of its servers, and with it, potential user information. In a detailed email to users on Saturday, the group’s...
Gap Widens Between Attackers, BIOS Forensics, Research
Vendors have made important strides in locking down operating systems, patching memory-related vulnerabilities and other bugs that could lead to remote code execution or give hackers a stealthy presence on a machine. As the hurdles get higher for the bad guys, the better ones will certainly look...
Undocumented Test Interface in Cisco Small Business Devices
A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Note: Additional research...
Default Password (debug) for 'user' Account
The account 'user' on the remote host has the password 'debug'. An attacker may use it to gain further privileges on this system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "user"; password = "debug"; include'deprecatednasllevel.inc'; include'compat.inc'; if description...