7925 matches found
CVE-2017-2665
The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plai...
CVE-2017-2665
CVE-2017-2665 involves the skyring-setup script writing the MongoDB password to /etc/skyring/skyring.conf in plaintext, where the file is root-owned but readable by local users. This allows any local user with system access to obtain the password, exposing the Skyring database. Affected component...
CVE-2018-1113
CVE-2018-1113 summary (in provided documents): The Fedora/RHEL setup package before version 2.11.4-1.fc28 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This undermines assumptions in pam_shells and some daemons that rely on a user’s shell being listed in /etc/shells, and under certain...
Fuzzer SMB Session Setup Invalid Username - Ver2
A vulnerability exists in Fuzzer. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category:...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category: Hardware Exploit Author: Adipta Basu Tested on: Mac OS High...
Hardware Acceleration for Linux endpoints with AMD GPUs
Starting from version 2.5,HDX RTME supports hardware acceleration for video compression on Linux thin clients or fat clients with AMD GPU. Specifically, for video encoding RTME uses VCE 2.0 or higher. Video decoding has limited support because of some technical limitations, and it is disabled in...
CVE-2018-0563
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecifi...
Microsoft Windows: Specify the maximum log file size (Setup)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsetupmaxlogsize.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Specify the maximum log file size Setup Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This progr...
Microsoft Windows: BitLocker-protected removable drives recovery (wizard)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winrmbitlockerrecoverywizard.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard Authors: Emanuel Mos...
Microsoft Windows: Event Log behavior when log file reaches its max size (Setup)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsetupretention.nasl 10989 2018-08-15 14:57:51Z emoss $ Check value for Setup: Control Event Log behavior when the log file reaches its maximum size Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Microsoft Windows: Block SBP-2 Driver and Thunderbolt controllers (Driver Setup Class)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenysbp2thunderboltdriver.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Blocking the SBP-2 driver and Thunderbolt controllers Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
TP-Link TL-WA850RE Remote Arbitrary Code Execution Vulnerability
The TP-Link TL-WA850RE is a wireless extender. A remote arbitrary code execution vulnerability exists in the TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850RE v5 firmware. A remote attacker can exploit this vulnerability by sending the 'wpssetuppin' parameter with shell metacharacters to t...
Microsoft Windows: Prevent installation of devices also to already installed (Driver Setup Class)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenydriversalreadyinstalled.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already...
Microsoft Windows: Recovering of BitLocker-protected fixed drives (Setup Wizard)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winbitlockerrecoverywizard.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard Authors: Emanuel Moss...
Microsoft Windows: Prevent installation of devices (device setup classes)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: windenydriverssetupclasses.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prevent installation of devices using drivers that match these device setup classes Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbon...
Code injection
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wpssetuppin parameter to /data/wps.setup.json...
Security Bulletin: Flexera InstallAnywhere DLL-planting vulnerability affects IBM Enterprise Records Installers (CVE-2016-4560)
Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...
Security Bulletin: InstallShield and InstallAnywhere vulnerabilities affect IBM Security Guardium Data Redaction (CVE-2016-2542)
Summary Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated...
CVE-2018-12457
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header...