313 matches found
Security Bulletin: Multiple Vulnerabilities fixed in IBM Security Directory Server
Summary: Multiple security vulnerabilities fixed in the IBM Tivoli/Security Directory Server product. Vulnerability Details: CVEID: CVE-2015-1978 DESCRIPTION: IBM Security Directory Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family: All versio...
Debian: Security Advisory (DLA-1122-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DLA-1122-1 : asterisk security update
A security vulnerability was discovered in Asterisk, an Open Source PBX and telephony toolkit, that may lead to unauthorized command execution. The app_minivm module has an 'externnotify' program configuration option that is executed by the MinivmNotify dialplan application. The application uses t...
[SECURITY] [DLA 1122-1] asterisk security update
Package : asterisk Version : 1:1.8.13.1dfsg1-3+deb7u7 CVE ID : CVE-2017-14100 Debian Bug : 873908 A security vulnerability was discovered in Asterisk, an Open Source PBX and telephony toolkit, that may lead to unauthorized command execution. The app_minivm module has an "externnotify" program...
CVE-2017-1520
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830...
CVE-2017-1520
CVE-2017-1520 affects IBM Db2 9.7, 10.1, 10.5, and 11.1. A local/remote issue allows an unauthorized command to activate the database when authentication type is CLIENT. CVSS v3 base score is 3.7 (low); vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. IBM bulletins document multiple fix-pack remediat...
CVE-2017-14100
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the...
MGASA-2017-0153 Updated git packages fix security vulnerability
Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted login shell for Git-only SSH access, allows a user to run an interactive pager by causing it to spawn "git upload-pack --help" (CVE-2017-8386)...
CVE-2017-6079
CVE-2017-6079 affects Edgewater Networks Edgemarc (EdgeMarc) appliances. The HTTP web-management interface exposes a hidden page that allows user-defined commands (such as iptables rules) to be executed via a web shell-like mechanism; the flaw is described as a blind command-injection vulnerabili...
Security Bypass Vulnerability in Multiple D-Link DGS-1510 Websmart Devices
The D-Link DGS-1510-28XMP is an Ethernet switch from AUO D-Link. A full bypass vulnerability exists in multiple D-Link DGS-1510 Websmart devices, which can be exploited by remote attackers to submit a special request for unauthorized command execution...
McAfee VirusScan Enterprise Cross-Site Request Forgery Vulnerability
McAfee VirusScan Enterprise is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A cross-site request forgery vulnerability exists in VirusScan...
Cisco EPC 3928 - Multiple Vulnerabilities
Cisco EPC 3928 - Multiple Vulnerabilities Title: Cisco EPC 3928 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337...
Cisco EPC 3928 - Multiple Vulnerabilities
Exploit for asp platform in category web applications Title: Cisco EPC 3928 Multiple Vulnerabilities Vendor: http://www.cisco.com/ Vulnerable Versions: Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 /...
Cisco Prime Network Services Controller Unauthorized Local Command Execution (cisco-sa-20151217-pnsc)(deprecated)
Nessus has dropped device detection of the now EOL Cisco Prime Network Services Controller. This plugin is being deprecated as a result. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/07/05. Deprecated along with dropping SSH library support. include("compat.inc"); if (description)...
Cisco Wireless Residential Unauthorized Command Vulnerability
A vulnerability with web interface access authentication of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to issue a subset of commands as the administrator without authenticating to the device. The vulnerability is due to lack of authentication...
GREED 0.81 GRX File List Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12034/info greed Get and Resume Elite Edition is prone to unauthorized command execution. This issue is exposed when the application processes a GRX file list that specifies shell metacharacters and commands in file names...
Windowmaker wmmon 1.0 b2 Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/885/info WMMon is a multiple platform Window Maker docking application. It monitors useful system information such as CPU load and disk activity. The application also allows the user to define commands that can be launche...