
7925 matches found

Cvelist
added 2018/07/06 1:0 p.m., 15 views

CVE-2017-2665

The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plai...

CVSS: 4.8, AI score: 6.9, EPSS: 0.00327
Exploits: 0, References: 2
CVE
added 2018/07/06 1:0 p.m., 79 views

CVE-2017-2665

CVE-2017-2665 involves the skyring-setup script writing the MongoDB password to /etc/skyring/skyring.conf in plaintext, where the file is root-owned but readable by local users. This allows any local user with system access to obtain the password, exposing the Skyring database. Affected component...

CVSS: 7, AI score: 6.8, EPSS: 0.00327
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2018/07/02 6:0 p.m., 233 views

CVE-2018-1113

CVE-2018-1113 summary (in provided documents): The Fedora/RHEL setup package before version 2.11.4-1.fc28 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This undermines assumptions in pam_shells and some daemons that rely on a user’s shell being listed in /etc/shells, and under certain...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00315
Exploits: 0, References: 3, Affected Software: 1
Check Point Advisories
added 2018/06/28 12:0 a.m., 4 views

Fuzzer SMB Session Setup Invalid Username - Ver2

A vulnerability exists in Fuzzer. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

AI score: 4.9
Exploits: 0
exploitpack
added 2018/06/28 12:0 a.m., 34 views

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category:...

AI score: 6.8
Exploits: 0
Exploit DB
added 2018/06/28 12:0 a.m., 65 views

DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting

Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category: Hardware Exploit Author: Adipta Basu Tested on: Mac OS High...

AI score: 7.4
Exploits: 0
Citrix
added 2018/06/28 12:0 a.m., 10 views

Hardware Acceleration for Linux endpoints with AMD GPUs

Starting from version 2.5, HDX RTME supports hardware acceleration for video compression on Linux thin clients or fat clients with AMD GPU. Specifically, for video encoding RTME uses VCE 2.0 or higher. Video decoding has limited support because of some technical limitations, and it is disabled in...

AI score: 6.8
Exploits: 0
OSV
added 2018/06/26 2:29 p.m., 4 views

CVE-2018-0563

Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecifi...

CVSS: 7.8, AI score: 5.8, EPSS: 0.01052
Exploits: 0, References: 3
OpenVAS
added 2018/06/26 12:0 a.m., 10 views

Microsoft Windows: Specify the maximum log file size (Setup)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsetupmaxlogsize.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Specify the maximum log file size Setup Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This progr...

AI score: 7.3
Exploits: 0
OpenVAS
added 2018/06/26 12:0 a.m., 30 views

Microsoft Windows: BitLocker-protected removable drives recovery (wizard)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmbitlockerrecoverywizard.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard Authors: Emanuel Mos...

AI score: 7.3
Exploits: 0
OpenVAS
added 2018/06/26 12:0 a.m., 21 views

Microsoft Windows: Event Log behavior when log file reaches its max size (Setup)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsetupretention.nasl 10989 2018-08-15 14:57:51Z emoss $ Check value for Setup: Control Event Log behavior when the log file reaches its maximum size Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...

AI score: 7.3
Exploits: 0
OpenVAS
added 2018/06/25 12:0 a.m., 37 views

Microsoft Windows: Block SBP-2 Driver and Thunderbolt controllers (Driver Setup Class)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenysbp2thunderboltdriver.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Blocking the SBP-2 driver and Thunderbolt controllers Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...

AI score: 7.3
Exploits: 0
CNVD
added 2018/06/25 12:0 a.m., 2 views

TP-Link TL-WA850RE Remote Arbitrary Code Execution Vulnerability

The TP-Link TL-WA850RE is a wireless extender. A remote arbitrary code execution vulnerability exists in the TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850RE v5 firmware. A remote attacker can exploit this vulnerability by sending the 'wpssetuppin' parameter with shell metacharacters to t...

CVSS: 8.8, AI score: 9.2, EPSS: 0.29144
Exploits: 1, References: 1
OpenVAS
added 2018/06/25 12:0 a.m., 17 views

Microsoft Windows: Prevent installation of devices also to already installed (Driver Setup Class)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenydriversalreadyinstalled.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already...

AI score: 0.1
Exploits: 0
OpenVAS
added 2018/06/25 12:0 a.m., 17 views

Microsoft Windows: Recovering of BitLocker-protected fixed drives (Setup Wizard)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winbitlockerrecoverywizard.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard Authors: Emanuel Moss...

AI score: 7.3
Exploits: 0
OpenVAS
added 2018/06/25 12:0 a.m., 13 views

Microsoft Windows: Prevent installation of devices (device setup classes)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenydriverssetupclasses.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prevent installation of devices using drivers that match these device setup classes Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbon...

AI score: 0.2
Exploits: 0
Prion
added 2018/06/23 9:29 p.m., 20 views

Code injection

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wpssetuppin parameter to /data/wps.setup.json...

CVSS: 6.5, AI score: 8.7, EPSS: 0.29144
Exploits: 1, References: 2
IBM Security Bulletins
added 2018/06/17 12:15 p.m., 34 views

Security Bulletin: Flexera InstallAnywhere DLL-planting vulnerability affects IBM Enterprise Records Installers (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

CVSS: 7.8, AI score: 1.1, EPSS: 0.00537
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 9:42 p.m., 27 views

Security Bulletin: InstallShield and InstallAnywhere vulnerabilities affect IBM Security Guardium Data Redaction (CVE-2016-2542)

Summary Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated...

CVSS: 7.8, AI score: 2.6, EPSS: 0.00503
Exploits: 0, Affected Software: 1
OSV
added 2018/06/15 2:29 p.m., 20 views

CVE-2018-12457

expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header...

CVSS: 8.8, AI score: 8.8
Exploits: 0, References: 3