
72 matches found

OpenVAS
added 2020/01/14 12:0 a.m. | 6 views

Linux: SSH HostbasedAuthentication

The HostbasedAuthentication parameter specifies if authentication is allowed through trusted hosts via the use of .rhosts, or /etc/hosts.equiv, along with successful public key client host authentication. This option only applies to SSH Protocol Version 2. Even though the .rhosts files are...

7.4 AI score
Exploits: 0 | References: 4

Japan Vulnerability Notes
added 2020/01/10 5:48 a.m. | 1 view

Junos OS vulnerable to cross-site scripting

Overview Junos OS contains a cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

7.5 CVSS | 6.1 AI score | 0.00336 EPSS
Exploits: 0 | References: 5

Symantec
added 2020/01/08 12:0 a.m. | 18 views

Cisco UCS Director CVE-2019-16003 Information Disclosure Vulnerability

Description Cisco UCS Director is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvr00602. Technologies Affected Cisco UCS Director 4.0.0.0 Cisco UC...

0.6 AI score | 0.01094 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Symantec
added 2019/10/23 12:0 a.m. | 19 views

IBM Cloud Orchestrator CVE-2019-4399 Information Disclosure Vulnerability

Description IBM Cloud Orchestrator is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions are vulnerable: IBM Cloud Orchestrator 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3,...

5 CVSS | 0.5 AI score | 0.00134 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Symantec
added 2019/10/16 12:0 a.m. | 29 views

ISC BIND CVE-2019-6476 Remote Denial of Service Vulnerability

Description ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. ISC BIND 9.14.0 through 9.14.6, and 9.15.0 through 9.15.4 are vulnerable. Technologies Affected ISC Bind 9.14.0 ISC Bind 9.14.1 ISC Bind 9.14.2 ISC...

5 CVSS | 1 AI score | 0.01269 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Symantec
added 2019/10/01 12:0 a.m. | 17 views

Palo Alto Networks Zingbox Inspector CVE-2019-15020 Remote Command Injection Vulnerability

Description Palo Alto Networks Zingbox Inspector is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands on the affected system. Versions prior to Zingbox Inspector 1.294 are vulnerable. Technologies Affected Paloaltonetworks Zingbox...

0.3 AI score | 0.01577 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CERT
added 2015/11/06 12:0 a.m. | 436 views

Huawei HG532 routers contain a path traversal vulnerability

Overview Huawei HG532 routers, including the HG532e, n, s, and possibly other models, are vulnerable to arbitrary file access through path traversal. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2015-7254 In vulnerable Huawei router models,...

5 CVSS | 6.6 AI score | 0.19179 EPSS
Exploits: 2 | References: 2

CNVD
added 2015/07/02 12:0 a.m. | 1 view

EMC Secure Remote Services Virtual Edition Certificate Forgery Vulnerability

EMC Secure Remote Services Virtual Edition is the virtual edition of the Remote Services software that provides two-way remote connectivity between EMC customer service and end-user EMC products and solutions. EMC Secure Remote Services Virtual Edition fails to properly validate certificates,...

5.8 CVSS | 7 AI score | 0.00134 EPSS
Exploits: 0 | References: 1

CERT
added 2014/06/17 12:0 a.m. | 27 views

Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities

Overview Symantec Web Gateway 5.1.1.24, and possibly earlier versions, contains cross-site scripting and SQL injection vulnerabilities. Description CVE-2014-1652 - CWE-79: Improper Neutralization of Input During Web Page Generation Symantec Web Gateway 5.1.1.24, and possibly earlier versions,...

5.8 CVSS | 9.5 AI score | 0.01205 EPSS
Exploits: 0 | References: 1

CERT
added 2014/04/11 12:0 a.m. | 26 views

Fortinet FortiADC D-series contains a cross-site scripting vulnerability

Overview Fortinet FortiADC D-series 3.2.0, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiADC D-series 3.2.0, and possibly earlier versions,...

4.3 CVSS | 6.1 AI score | 0.00332 EPSS
Exploits: 2 | References: 4

CERT
added 2014/03/27 12:0 a.m. | 22 views

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web Parameter It has been reported that the 'Properties.do?name=' module is vulnerable to an 'unauthorized function call' caused by server failing to...

6.5 CVSS | 6.5 AI score | 0.01576 EPSS
Exploits: 1 | References: 3

CERT
added 2014/03/06 12:0 a.m. | 25 views

Aker Secure Mail Gateway reflected XSS vulnerability

Overview Aker Secure Mail Gateway 2.5.2 and previous versions contain a reflected cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' - CVE-2013-6037 Aker Secure Mail Gateway 2.5.2 and previous versions...

4.3 CVSS | 6.2 AI score | 0.00728 EPSS
Exploits: 2 | References: 3

CERT
added 2014/02/03 12:0 a.m. | 34 views

Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability

Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-si...

4.3 CVSS | 6.2 AI score | 0.00812 EPSS
Exploits: 1 | References: 3

exploitpack
added 2013/11/12 12:0 a.m. | 25 views

Juniper Junos J-Web - Privilege Escalation

Juniper Junos J-Web - Privilege Escalation Sense of Security - Security Advisory - SOS-13-003 security advisory Release Date. 10-Sep-2013 Last Update. - Vendor Notification Date. 27-Sep-2012 Product. Juniper Junos J-Web Platform. Junos Affected versions. All builds prior to 2013-02-28 are affecte...

0.9 AI score
Exploits: 0

securityvulns
added 2013/06/17 12:0 a.m. | 43 views

RUCKUS ADVISORY ID 031813-2: User authentication bypass vulnerability in ZoneDirector administrative web interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 031813-2 Customer release date: March 25, 2013 Public release date: May 27, 2013 TITLE User authentication bypass vulnerability in ZoneDirector administrative web interface SUMMARY A user authentication bypass vulnerability has bee...

0.5 AI score
Exploits: 0

CERT
added 2013/05/14 12:0 a.m. | 21 views

Serva32 2.1.0 TFTPD service buffer overflow vulnerability

Overview Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability. Description The Serva32 2.1.0 TFTPD service contains a buffer overflow vulnerability when parsing large read requests. When the application reads in a large buffer the application crashes. --- Impact An unauthenticated...

5 CVSS | 7.7 AI score | 0.314 EPSS
Exploits: 0 | References: 1

CERT
added 2012/11/12 12:0 a.m. | 26 views

Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability

Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or Privileges Vanilla Forums version 2.1.a26 and possibly other version...

3.5 CVSS | 5.8 AI score | 0.01022 EPSS
Exploits: 0 | References: 1

Packet Storm
added 2012/10/09 12:0 a.m. | 50 views

Key Systems Electronic Key Lockers Command Injection

OVERVIEW Key Systems Electronic Key Lockers contain a command injection vulnerability which may allow a remote unauthenticated attacker to inject commands into the electronic key locker. Key Systems Electronic Key Lockers also contains weak authentication which could allow an attacker...

0.6 AI score
Exploits: 0

CERT
added 2012/09/06 12:0 a.m. | 42 views

Webmin contains input validation vulnerabilities

Overview Webmin 1.580, and possibly earlier versions, has been reported to contain input validation vulnerabilities. Description The advisories from American Information Security Group report the following vulnerabilities. CWE-20: Improper Input Validation - CVE-2012-2981 "An input validation flaw...

6.5 CVSS | 6.9 AI score | 0.80029 EPSS
Exploits: 13 | References: 8

securityvulns
added 2012/06/13 12:0 a.m. | 31 views

Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows

Secunia Research 07/06/2012 - Network Instruments Observer - SNMP Processing Buffer Overflows - Table of Contents Affected...

0.6 AI score
Exploits: 0