
256 matches found

Positive Technologies · added 2019/12/12 12:0 a.m. · 5 views

PT-2019-15356 · Unknown · Control Center Server

Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0
Description: A remote attacker with network access to the CCS server could exploit an authentication bypass vulnerability in the XML-based communication protocol, as provided by default on...

9.8 CVSS · 9.4 AI score · 0.02544 EPSS
Exploits 0 · References 4

CNVD · added 2019/12/11 12:0 a.m. · 4 views

Siemens SiNVR 3 Central Control Server (CCS) Authentication Bypass Vulnerability

SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutschland GmbH and formerly distributed by Schille Informationssysteme GmbH. Siemens SiNVR 3 Central Control Server (CCS) has an authentication bypass vulnerability in its XML-based communication protocol. A...

9.8 CVSS · 7 AI score · 0.02544 EPSS
Exploits 0 · References 1

CNVD · added 2019/12/11 12:0 a.m. · 4 views

Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability

SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutschland GmbH and formerly distributed by Schille Informationssysteme GmbH. An authentication bypass vulnerability exists in the HTTP service (default port 5401/tcp) of the Siemens SiNVR 3 Video Server. A...

9.8 CVSS · 7 AI score · 0.02652 EPSS
Exploits 0 · References 1

ThreatPost · added 2019/10/10 8:37 p.m. · 206 views

vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach

Hackers have stolen the account details of 250,000 users of Dutch sex-work forum Hookers.nl – including email addresses of both escorts and customers. The website provides a forum for escorts and customers to discuss sex work — including clients discussing their experiences with sex workers. A...

7.5 CVSS · 9.5 AI score · 0.99728 EPSS
Exploits 27 · References 9

RedhatCVE · added 2019/10/02 8:21 p.m. · 35 views

CVE-2019-13420

Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...

5.9 CVSS · 2.8 AI score · 0.01192 EPSS
Exploits 0 · References 3

OSV · added 2019/08/23 2:15 p.m. · 1 views

CVE-2019-13421

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...

4.9 CVSS · 5.8 AI score · 0.01126 EPSS
Exploits 1 · References 3

Prion · added 2019/08/23 2:15 p.m. · 8 views

Default credentials

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...

4 CVSS · 5.1 AI score · 0.01126 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist · added 2019/08/23 1:26 p.m. · 10 views

CVE-2019-13421

Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...

5.2 AI score · 0.01126 EPSS
Exploits 1 · References 3

OSV · added 2019/08/13 3:15 p.m. · 3 views

CVE-2019-13420

Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...

5.9 CVSS · 6.2 AI score · 0.01192 EPSS
Exploits 0 · References 2

NVD · added 2019/08/13 3:15 p.m. · 10 views

CVE-2019-13420

Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...

5.9 CVSS · 5.8 AI score · 0.01192 EPSS
Exploits 0 · References 2

Prion · added 2019/08/13 3:15 p.m. · 14 views

Code injection

Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...

4.3 CVSS · 5.7 AI score · 0.01192 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE · added 2019/08/13 2:25 p.m. · 53 views

CVE-2019-13420

CVE-2019-13420 affects floragunn Search Guard (Elasticsearch/ELK plugin) prior to version 21.0. The vulnerability is a timing side-channel in the internal user database, which could leak information and impact confidentiality. The detail provided specifies the root cause as a timing discrepancy w...

5.9 CVSS · 5.7 AI score · 0.01192 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist · added 2019/08/13 2:25 p.m. · 13 views

CVE-2019-13420

Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...

5.8 AI score · 0.01192 EPSS
Exploits 0 · References 2

Lenovo · added 2019/06/10 3:6 p.m. · 40 views

Brocade Network Advisor Vulnerabilities - Lenovo Support US

No description provided...

10 CVSS · 8.7 AI score · 0.17078 EPSS
Exploits 6

Veracode · added 2019/05/02 5:18 a.m. · 25 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. Access to reserved names is not restricted in the HudsonPrivateSecurityRealm class when using Jenkins' user database, which allows remote attackers to gain privileges by creating a reserved name...

4.6 CVSS · 7.7 AI score · 0.01569 EPSS
Exploits 0 · References 35 · Affected Software 58

Prion · added 2019/01/22 5:29 p.m. · 23 views

Default credentials

A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The attacker could gain access to the Brocade Network Advisor System after...

5 CVSS · 8.1 AI score · 0.01671 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV · added 2019/01/22 5:29 p.m. · 3 views

CVE-2018-6445

A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The attacker could gain access to the Brocade Network Advisor System after...

7.5 CVSS · 5.8 AI score · 0.01671 EPSS
Exploits 0 · References 3

NVD · added 2019/01/22 5:29 p.m. · 19 views

CVE-2018-6445

A vulnerability in Brocade Network Advisor versions before 14.0.3 could allow a remote unauthenticated attacker to export the current user database, which includes the encrypted, not hashed, password of the systems. The attacker could gain access to the Brocade Network Advisor System after...

7.5 CVSS · 7.6 AI score · 0.01671 EPSS
Exploits 0 · References 3

RedhatCVE · added 2019/01/14 2:20 a.m. · 36 views

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...

6.5 CVSS · 5.1 AI score · 0.0147 EPSS
Exploits 3 · References 2

Cvelist · added 2019/01/09 11:0 p.m. · 20 views

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...

6.7 AI score · 0.0147 EPSS
Exploits 3 · References 2