40 matches found
EUVD-2013-3366
Malware in sbrugna...
MAL-2025-17056 Malicious code in cisco-vsm (npm)
The package cisco-vsm was found to contain malicious code...
Malicious code in cisco-vsm (npm)
The package cisco-vsm was found to contain malicious code...
Lawo AG vsm LTC Time Sync Path Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG - vsm LTC Time Sync vTimeSync vulnerable version: 4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049...
CVE-2024-6049
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
CVE-2024-6049
The CVE-2024-6049 issue affects Lawo AG vsm LTC Time Sync (vTimeSync) Web server. A triple-dot path traversal vulnerability allows unauthenticated attackers to download arbitrary OS files via crafted HTTP requests, with exploitation possible only when a file extension is requested (e.g., .exe, .t...
CVE-2024-6049 Unauthenticated Path Traversal
The web server of Lawo AG vsm LTC Time Sync vTimeSync is affected by a "..." triple dot path traversal vulnerability. By sending a specially crafted HTTP request, an unauthenticated remote attacker could download arbitrary files from the operating system. As a limitation, the exploitation is only...
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more
This blog post is part of a multi-part series, and it is highly recommended to read the first entry here before continuing. As the second entry in our "Exploring malicious Windows drivers" series, we will continue where the first left off: Discussing the I/O system and IRPs. We will expand on the...
May 14, 2024—KB5037763 (OS Build 14393.6981) - EXPIRED
May 14, 2024—KB5037763 (OS Build 14393.6981) - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...
Cisco Nexus 1000V Insufficient VSM/VEM Authentication (CVE-2013-1211)
Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. This...
Cisco Nexus 1000V VSM/VEM Heartbeat Denial of Service (CVE-2013-1213)
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID...
Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass (CVE-2013-1208)
The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID...
Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass (CVE-2013-1209)
The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via...
CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd
GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...
CVE-2018-15427
The CVE-2018-15427 issue affects Cisco Video Surveillance Manager (VSM) Appliance on Cisco UCS platforms. A root account with undocumented, default static credentials permits unauthenticated remote login, enabling an attacker to log in and execute arbitrary commands with root privileges. Public d...
Critical Vulnerability Found in Cisco Video Surveillance Manager
A critical vulnerability in the Cisco Video Surveillance Manager software has been uncovered, which could allow an unauthenticated, remote attacker to log in and execute arbitrary commands as the root user. The issue is a simple one: Affected versions contain static user credentials for the root...
CVE-2013-3430
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the CiscoVSBWT aka Broadware sample code package, aka Bug ID CSCsv37288...
Design/Logic Flaw
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the CiscoVSBWT aka Broadware sample code package, aka Bug ID CSCsv37288...
Authentication flaw
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the CiscoVSBWT aka Broadware sample code package...
CVE-2013-3430
CVE-2013-3430 affects Cisco Video Surveillance Manager (VSM) before 7.0.0. The issue allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT component. Cisco’s advisory notes multiple vulnerabilities in VSM pre-7....