12 matches found

0day.today
added 2024/04/01 12:0 a.m., 281 views

WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

9.8 CVSS, 10 AI score, 0.78303 EPSS
Exploits: 6

Metasploit
added 2024/03/28 7:50 p.m., 217 views

WatchGuard XTM Firebox Unauthenticated Remote Command Execution

This module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impac...

9.8 CVSS, 9.8 AI score, 0.78303 EPSS
Exploits: 6

CNNVD
added 2023/04/17 12:0 a.m., 4 views

Juniper Networks Junos OS Authorization Issue Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. An authorization issue vulnerability exists in Juniper Networks Junos OS, which is caused by improper authentication in th...

5.3 CVSS, 5.8 AI score, 0.00482 EPSS
Exploits: 0, References: 2

OSV
added 2020/12/28 7:15 a.m., 2 views

CVE-2020-28093

On Tenda AC1200 Model AC6 15.03.06.51multi devices, admin, support, user, and nobody have a password of 1234...

7.2 CVSS, 7.2 AI score, 0.01163 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2020/03/24 12:0 a.m., 26 views

openSUSE Security Update : texlive-filesystem (openSUSE-2020-368)

This update for texlive-filesystem fixes the following issues : Security issues fixed : - Changed default user for ls-R files and font cache directories to user nobody bsc1159740 - Switched to rm instead of safe-rm or safe-rmdir to avoid race conditions bsc1158910 . - Made cron script more failsa...

5.5 AI score
Exploits: 0, References: 4

OPENSUSE Linux
added 2020/03/23 12:0 a.m., 50 views

Security update for texlive-filesystem (moderate)

openSUSE Security Update: Security update for texlive-filesystem Announcement ID: openSUSE-SU-2020:0368-1 Rating: moderate References: 1150556 1155381 1158910 1159740 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for...

7.3 AI score
Exploits: 0

Cvelist
added 2019/12/16 4:19 p.m., 25 views

CVE-2019-18830

Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code...

10 AI score, 0.04337 EPSS
Exploits: 0, References: 6

seebug.org
added 2014/07/01 12:0 a.m., 31 views

XFree86 X11R6 3.3.x Font Server Remote Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6241/info A remotely exploitable buffer overrun condition has been reported in the XFS font server, fs.auto used by multiple vendors. This vulnerability may be exploited by remote attackers to execute commands on the targ...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2004/09/29 12:0 a.m., 22 views

Debian DSA-098-1 : libgtop - format string vulnerability and buffer overflow

Two different problems were found in libgtop-daemon : - The laboratory intexxia found a format string problem in the logging code from libgtopdaemon. There were two logging functions which are called when authorizing a client which could be exploited by a remote user. - Flavio Veloso found a buff...

7.5 CVSS, 6 AI score, 0.06053 EPSS
Exploits: 0, References: 3

exploitpack
added 2002/11/25 12:0 a.m., 12 views

XFree86 X11R6 3.3.x - Font Server Remote Buffer Overrun

XFree86 X11R6 3.3.x - Font Server Remote Buffer Overrun source: https://www.securityfocus.com/bid/6241/info A remotely exploitable buffer overrun condition has been reported in the XFS font server, fs.auto used by multiple vendors. This vulnerability may be exploited by remote attackers to execut...

0.6 AI score
Exploits: 0

Exploit DB
added 1999/08/05 12:0 a.m., 37 views

Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution

source: https://www.securityfocus.com/bid/564/info The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire. Via the web...

7.4 AI score
Exploits: 0

Exploit DB
added 1999/05/26 12:0 a.m., 34 views

University of Washington pop2d 4.4 - Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/283/info A buffer overflow vulnerability in pop2d version 4.4 or earlier allow malicious remote users to obtain access to the "nobody" user account. The pop2 and pop3 servers support the concept of an "anonymous proxy", whereby a remote user connecting...

7.4 AI score
Exploits: 0