722 matches found
CVE-2019-1000010
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in the victim's browser. This attack appears to be exploitable when a victim visits a link crafted by an attacker. This vulnerability appears to have been fixed in...
Cross site scripting
phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in subnet-scan-telnet.php that can result in executing code in the victim's browser. This attack appears to be exploitable when a victim visits a link crafted by an attacker. This vulnerability appears to have been fixed in...
CVE-2019-1000010
Summary (CVE-2019-1000010): phpIPAM versions 1.3.2 and earlier contain a Cross Site Scripting (XSS) vulnerability in the subnet-scan-telnet.php component. The issue allows an attacker to craft a link that, when visited by a user, can execute code in the victim’s browser. The vulnerability’s impac...
ALPINE-CVE-2019-5747
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...
UBUNTU-CVE-2019-5747
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...
CVE-2018-17195
The template upload API endpoint accepted requests from a different domain when sent in conjunction with an ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...
openSUSE Security Update : pam (openSUSE-2018-1511)
This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). This update was imported from the SUSE:SLE-15:Update update project...
Micro Focus openSUSE Leap and SUSE Linux Enterprise PAM Access Bypass Vulnerabilities
Micro Focus openSUSE Leap and SUSE Linux Enterprise are both different versions of the Linux operating system from Micro Focus in the U.K. PAM is one of the Pluggable Authentication Modules. An access bypass vulnerability exists in Micro Focus openSUSE Leap version 15.0 and PAM version 1.3.0 in...
TOTOLINK A3002RU System Command Injection Vulnerability (CNVD-2018-26645)
TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A command injection vulnerability exists in formAliasIp in TOTOLINK A3002RU version 1.0.8. An attacker can exploit this vulnerability to execute system commands with the help of the 'subnet' POST parameter...
CVE-2018-13316
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...
DEBIAN-CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
UBUNTU-CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
CVE-2018-14663
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a...
CVE-2018-14663
PowerDNS DNSDist prior to 1.3.3 is affected by a vulnerability where a crafted DNS query with trailing data could cause an EDNS Client Subnet/record addition to be smuggled to the backend, potentially exposing records unseen by dnsdist. This issue occurs when useClientSubnet or the experimental a...
Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd) process crash
An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and connected clients when the Junos device is requesting an IP address for itself. Junos devices are not...
August 9, 2016 — KB3176492 (OS Build 10240.17071)
This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability for Internet Explorer 11 and WebDAV shares. Addressed issue affecting some...
CVE-2018-8842
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to...