27 matches found
CVE-2022-33859
A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary...
CVE-2022-33859
The CVE-2022-33859 entry describes an unrestricted file upload vulnerability in Eaton Foreseer EPMS. Affected versions include 4.x–7.5, with a remediation released as v7.6. The underlying issue is a file upload flaw in Foreseer EPMS that could allow a threat actor to upload arbitrary files. Eaton...
ALLPlayer 7.6 Buffer Overflow Exploit
Exploit Title: ALLPlayer v7.6 Local Buffer Overflow SEHUnicode Version: 7.6 Exploit Author: Xenofon Vassilakopoulos Tested on: Windows 7 Home Premium SP1 x86 Steps to reproduce : 1. generate the test.m3u using this exploit 2. open ALLPlayer then go to Open audio file 3. load the test.m3u file 4...
Security Bulletin: Vulnerability in nginx affects IBM StoredIQ (CVE-2016-4450)
Summary A denial of service vulnerability was disclosed on May 31, 2016 by nginx. Nginx is used by StoredIQ. StoredIQ has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2016-4450 Description: nginx is vulnerable to a denial of service, caused by a NULL pointer dereference error in...
Security Bulletin: Vulnerabilities in OpenSSL affect StoredIQ (CVE-2016-2107)
Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by StoredIQ. StoredIQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a...
CVE-2017-5782
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...
CVE-2017-5780
A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found...
CVE-2017-5781
A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 was found...
Hardcoded credentials
A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found...
CVE-2017-5784
CVE-2017-5784: A missing HSTS header vulnerability affects Hewlett Packard Enterprise’s Matrix Operating Environment (MOE) version 7.6. The CVE entry notes HSTS misconfiguration as the underlying issue, with CVSS metrics indicating a Medium severity (CVSSv2 base 5.8, CVSSv3 base 6.5). Connected ...
CVE-2017-5780
CVE-2017-5780 concerns a remote clickjacking vulnerability in Hewlett Packard Enterprise’s HPE Matrix Operating Environment (MOE) software. Connected data confirms the affected components are HPE Matrix Operating Environment Software (v7.6) and Systems Insight Manager (SIM) Software (v7.6). The r...
CVE-2017-5785
A remote information disclosure vulnerability in HPE Matrix Operating Environment version v7.6 was found...
SQL injection
Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or adminboxes.ajax.php in the Categories - Edit module...
CVE-2018-5960
Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or adminboxes.ajax.php in the Categories - Edit module...
CVE-2016-4394
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue...
CVE-2016-4395
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue...
CVE-2016-4395
HP System Management Homepage (SMH) before v7.6 is vulnerable to remote code execution via a stack/buffer overflow in the SetSMHData handling of admin-group parameters (mod_smh_config.so). Exploitation is described in ZDI-16-587, with unauthenticated remote access leading to code execution under ...
CVE-2016-4396
CVE-2016-4396 affects HPE System Management Homepage (SMH) prior to v7.6. The vulnerability is a remote code execution stemming from an overflow in mod_smh_config.so when handling the TKN parameter (SSO proxy path). An unauthenticated, remote attacker can exploit this to execute arbitrary code on...
CVE-2016-4393
HP/HPE System Management Homepage (SMH) is affected by CVE-2016-4393, a cross-site scripting vulnerability in versions before 7.6. The issue allows a remote authenticated attacker to obtain sensitive information via unspecified vectors. Affected product/version: SMH prior to v7.6. Root cause: XSS...