102 matches found
PT-2022-5212 · Adobe · Indesign
Name of the Vulnerable Software and Affected Versions: Adobe InDesign versions 16.4.2 and earlier Adobe InDesign versions 17.3 and earlier Description: The issue is related to an out-of-bounds read that could lead to disclosure of sensitive memory. An attacker could leverage this to bypass...
PT-2022-27960 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16.2 iPadOS versions prior to 16.2 macOS Ventura versions prior to 13.1 tvOS versions prior to 16.2 Description: The issue was addressed with improved bounds checks. Connecting to a malicious NFS server may lead to...
PT-2022-4130 · F5 · F5 Big-Ip +1
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 13.1.x F5 BIG-IP versions 14.1.x through 14.1.5.0 F5 BIG-IP versions 15.1.x through 15.1.6.0 F5 BIG-IP versions 16.1.x through 16.1.3.0 F5 BIG-IP versions 17.0.x through 17.0.0.0 F5 BIG-IQ versions 7.x F5 BIG-IQ versions 8....
CVE-2022-24888 Possible Injection in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...
PT-2021-4619 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software is related to improper...
PT-2021-3760
Name of the Vulnerable Software and Affected Versions SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows versions prior to 15.2.3 HF2 Description A remote code execution vulnerability in the SolarWinds Serv-U product allows a threat actor to gain privileged access to the...
PT-2016-34: Password Recovery in Siemens SICAM PAS
The specialists of the Positive Research center have detected a Password Recovery vulnerability in Siemens SICAM PAS. Vulnerability in SICAM PAS allows local authenticated users to recover user passwords and access the database. How to fix Update your software up to the latest version Advisory...
PT-2016-03: SQL Injection in Advantech WebAccess
The specialists of the Positive Research center have detected an SQL Injection vulnerability in Advantech WebAccess. Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands to modify web server settings, accounts, and projects. How to fix Update your...
PT-2013-78: Buffer overflow in SIMATIC WinCC Open Architecture
The specialists of the Positive Research center have detected a Buffer overflow vulnerability in SIMATIC WinCC Open Architecture. The SIMATIC WinCC OA integrated Web server at Port 4999/TCP might allow attackers to perform remote code execution by sending specially crafted packets without...
PT-2013-24: Concealing User Authority in SAP NetWeaver
The specialists of the Positive Research center have detected "Concealing User Authority" vulnerability in SAP NetWeaver. No matter how much authority the user '............' has, it is not reflected in report RSUSR002. How to fix Update your software up to the latest version Advisory status...
PT-2013-33: CRLF Injection in Siemens Simatic WinCC TIA Portal
The specialists of the Positive Research center have detected "CRLF Injection" vulnerability in Siemens Simatic WinCC TIA Portal. If a user clicks on a malicious link which seems to lead to a HMI web application, it is possible to display any data to the user HTTP response splitting. How to fix...
PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7
The specialists of the Positive Research center have detected "Information Disclosure" vulnerability in Siemens Simatic WinCC and PCS 7. WebNavigator passwords stored in the SQL database are only obfuscated. How to fix Update your software up to the latest version Advisory status 11.07.2012 -...
FreeBSD Ports: FreeBSD
The remote host is missing an update to the system as announced in the referenced advisory. VID e51d5b1a-4638-11e1-9f47-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from VID e51d5b1a-4638-11e1-9f47-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
PT-2011-43: Database information disclosure in Kayako Fusion
A vulnerability has been discovered in Kayako Fusion, which can be exploited by a malicious person with a 'staff' privileged user account. The vulnerability exists in the logic of report generation, which is based on Kayako Query Language KQL. An authorized 'staff' user can generate a report...
PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router
Positive Research Center has discovered that password hashing is not implemented in D-Link DIR-300 routers, which allows one to obtain passwords in plain text. How to fix Update your software up to the latest version Update link Advisory status 09.09.2011 - Vendor is notified 09.09.2011 - Vendor...
PT-2009-41: Multiple vulnerabilities in Kayako Support Suite
Vulnerability Description Positive Technologies Research Team discovered several Installation Path Disclosure vulnerabilities in Kayako Support Suite. The application uses a vulnerable PHP function unserialize, which allows an attacker to disclose the product installation path. In addition, there...
Nagios cross-site scripting vulnerability
Overview Nagios from Nagios.org contains a cross-site scripting vulnerability. Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser...
[SA15857] Emilda User Management Security Bypass Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Picasm 1.10/1.12 - Error Generation Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/13698/info Picasm is affected by a remote buffer overflow vulnerability. An attacker can exploit this issue by supplying an excessive 'error' directive. If successfully exploited, this issue can allow a remote attacker to gain access to the affected...
BugPort Attached File Handling Unspecified Issue
The remote host seems to be running BugPort, an open source web-based system to manage tasks and defects throughout the software development process. This version of BugPort contains an unspecified attachment handling flaw. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...