682 matches found
Input Validation Vulnerability in Caret
Caret is a software package for plotting classification and regression models. An input validation vulnerability exists in versions of Caret prior to 2019-02-22 that originates from a networked system or product that does not properly validate incoming data. An attacker could exploit the...
CVE-2018-14979
The CVE-2018-14979 entry concerns ASUS ZenFone 3 Max (ASUS_X008_1) with pre-installed com.asus.loguploader. The issue is an exported service, LogUploaderService, accessible via a specific action, that can write a bugreport (kernel log, logcat, system service states including active notifications)...
Rockwell Automation Allen-Bradley 1752-EN2T/C / 1769-L33ER/A LOGIX5333ER XSS
Exploit Title: Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A LOGIX5333ER Cross Site Scripting Google Dork: N/A Date: 5/12/2018 Exploit Author: n4pst3r Vendor Homepage: https://www.rockwellautomation.com/ Software Link: unkn0wn Version: 1752-EN2T/C, 1769-L33ER/A LOGIX5333ER Tested on...
Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A Cross Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A LOGIX5333ER Cross Site Scripting Google Dork: N/A Date: 5/12/2018 Exploit Author: n4pst3r Vendor Homepage: https://www.rockwellautomation.com/ Software Link: unkn0...
Curriculum Evaluation System 1.0 SQL Injection
Exploit Title: Curriculum Evaluation System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/curriculumevaluationsystem0.zip...
Information Disclosure Vulnerability in NSG 9000-6G
The NSG™ 9000-6G high-density general purpose edgeQAM system is a highly integrated digital video solution for multiplexing request-based video content over IP networks. An information disclosure vulnerability exists in the NSG 9000-6G that could be exploited by an attacker to obtain sensitive...
Linux ext4: out-of-bounds memcpy via non-inline system.data xattr(CVE-2018-11412)
ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode which normally contains a list of blocks instead,...
DEBIAN-CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
UBUNTU-CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
CVE-2018-0014
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25...
Inside the CCleaner Backdoor Attack
MADRID—As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads. The revelation was made during a talk at Virus Bulletin...
CVE-2017-8003
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of t...
Schneider Electric U.motion Builder Information Disclosure Vulnerability
U.motion Builder is a builder product from Schneider Electric France. An information disclosure vulnerability exists in Schneider Electric U.motion Builder. Returns system information to an attacker containing sensitive data. Allowing an attacker to exploit the vulnerability to execute arbitrary...
Adobe Captivate Information Disclosure Vulnerability
Adobe Captivate is a screen recording software. An information disclosure vulnerability exists in Adobe Captivate. An attacker can use this vulnerability to obtain sensitive system information...
Eview EV-07S GPS Tracker Information Disclosure Vulnerability
The Eview EV-07S GPS Tracker is a GPS tracking device for personal safety and personal protection. A security vulnerability exists in the Eview EV-07S GPS Tracker. The vulnerability can be exploited by an attacker to obtain sensitive information GPS data, etc...
CVE-2016-7107
Huawei Unified Maintenance Audit UMA before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors...
Code injection
Huawei Unified Maintenance Audit UMA before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors...
Shopify: Unauthorized access to Zookeeper on http://locutus-zk3.ec2.shopify.com:2181
What is Zookeeper? ==================== Zookeeper is a coordination service for distributed applications. It allows common services such as naming, synchronisation, configuration management and group services to be managed by a simple interface and It uses a data model of File System on an...
[SECURITY] Fedora 23 Update: setroubleshoot-plugins-3.3.5.1-1.fc23
This package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials...
Libksba One Error Vulnerability
Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. A difference-one error vulnerability in Libksba's src/dn.c file can be exploited by an attacker to cause OOB read access in ksbadntostr...