Lucene search
K

90 matches found

BDU FSTEC
BDU FSTEC
added 2019/07/04 12:0 a.m.6 views

The vulnerability of the RouterOS operating system in MikroTik routers, related to errors in path name restrictions for restricted access directories, allows attackers to bypass authentication procedures.

The vulnerability of the RouterOS operating system for MikroTik routers is related to errors in path name restrictions for restricted access directories. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files outside of the /rw/disk directory, through interfaces...

5.5CVSS5.6AI score0.03736EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2019/07/03 3:15 p.m.5 views

CVE-2018-11426

A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change...

9.8CVSS5.8AI score0.01841EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.5 views

The vulnerabilities of SIMATIC device software, related to errors in cryptography usage, allow attackers to obtain the TLS session key.

The vulnerability of SIMATIC device software is related to errors in the use of cryptography. Exploiting this vulnerability can allow a perpetrator with access to the web interface to obtain the TLS session key while monitoring the TLS traffic between the legitimate user and the device...

7.5CVSS7.1AI score0.01735EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2019/05/14 7:54 p.m.5 views

CVE-2019-6576

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" All versions V15.1 Update 1, SIMATIC HMI Comfort Outdoor Panels 7" & 15" All versions V15.1 Update 1, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F All versions V15.1 Update 1, SIMATIC WinCC...

7AI score0.01735EPSS
Exploits0References3
ICS
ICS
added 2019/01/31 12:0 a.m.183 views

Schneider Electric EVLink Parking

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

10CVSS9.7AI score0.06252EPSS
Exploits3References5
OSV
OSV
added 2018/10/18 4:40 p.m.2 views

GHSA-387V-84CV-9QMC Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

7.5CVSS7AI score0.06559EPSS
Exploits0References9
Prion
Prion
added 2018/06/26 6:29 p.m.17 views

Security feature bypass

A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...

9CVSS7.1AI score0.03737EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/04/19 12:0 a.m.5 views

PT-2018-2604 · Moxa · Moxa Iks-G6824A +2

Name of the Vulnerable Software and Affected Versions: Moxa IKS and EDS affected versions not specified Moxa IKS-G6824A affected versions not specified Description: The issue is related to the failure of Moxa IKS and EDS to properly validate user input, allowing unauthenticated and authenticated...

6.1CVSS6.1AI score0.01079EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.5 views

The vulnerability of the microprogrammed software of the wireless video camera Lens Peek-a-View lies in the presence of pre-set accounts, which allow a intruder to gain access to the device.

The microprogramming software of the wireless video camera Lens Peek-a-View has vulnerabilities. There are pre-installed user accounts named “admin” with the password “2601hx” for access via UART, and user accounts named “user” and “guest” with passwords “user” and “guest” respectively for access...

10CVSS7.8AI score0.01405EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/11/09 7:0 p.m.28 views

CVE-2017-16249

The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying 300 seconds with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web...

7.4AI score0.59386EPSS
Exploits7References4
CNVD
CNVD
added 2017/08/01 12:0 a.m.4 views

Cisco DPC3939 and DPC3941T Comcast Firmware Hardcoding Vulnerability

The Cisco DPC3939 and DPC3941T are both wireless voice gateway products from Cisco USA. comcast is a set of firmware developed by Comcast USA that runs in devices such as gateways and modems. A security vulnerability exists in the Comcast firmware in the Cisco DPC3939 using the...

8.8CVSS8.8AI score0.01273EPSS
Exploits1References1
CNVD
CNVD
added 2017/06/09 12:0 a.m.4 views

Foscam camera Web UI Account Non-Random Default Credentials Vulnerability

Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. A non-random default credentials vulnerability exists in the Foscam camera web user interface account. The device uses admin blank non-random default credentials to acces...

7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/04/04 12:0 a.m.4 views

PT-2017-17708 · D Link · D-Link Dir-615

Name of the Vulnerable Software and Affected Versions: D-Link DIR-615 version 20.09 Description: The issue allows an attacker to perform unwanted actions on a wireless router for which the user or admin is currently authenticated. This can be demonstrated by changing the Security option from WPA2...

8.8CVSS8.6AI score0.03006EPSS
Exploits4References3
Palo Alto Networks
Palo Alto Networks
added 2016/11/17 5:1 p.m.9 views

Buffer Overflow in the Management Web Interface

Palo Alto Networks web management server improperly handles a buffer overflow. This can result in a possible remote code execution RCE. Ref PAN-63073/102953/CVE-2016-9150 An attacker with network access to the management web interface may be able to perform a remote code execution RCE or...

9.8CVSS8AI score0.34781EPSS
Exploits1References1
Prion
Prion
added 2016/09/06 12:59 a.m.15 views

Authentication flaw

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

10CVSS7AI score0.0286EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/11/04 12:0 a.m.25 views

Atlassian Bamboo 2.2.x < 5.8.5 / 5.9.x < 5.9.7 Unspecified Resource Deserialization RCE

According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is version 2.2.x prior to 5.8.5 or 5.9.x prior to 5.9.7. It is, therefore, affected by an unspecified resource deserialization flaw due to improper validation of user-supplied input. An...

8.8CVSS8.4AI score0.03618EPSS
Exploits0References3
Atlassian
Atlassian
added 2015/10/12 4:26 a.m.32 views

CVE-2015-6576: Deserialisation Resulting in Remote Code Execution Vulnerability

Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface...

8.8CVSS8.7AI score0.03618EPSS
Exploits0
Packet Storm
Packet Storm
added 2014/10/03 12:0 a.m.33 views

ZyXEL SBG-3300 Security Gateway Denial Of Service

Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7278 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko Casadei Disclosur...

5CVSS0.02476EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2014/08/06 12:0 a.m.12 views

Atlassian Confluence < 5.5.2 XWork Library ClassLoader Manipulation Remote Code Execution

According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.5.2. It is, therefore, affected by a flaw in the XWork library that allows a remote, unauthenticated user to alter the ClassLoader. This could allow an attacker to execut...

6.3AI score
Exploits0References2
Saint
Saint
added 2012/02/20 12:0 a.m.33 views

HP OpenView Network Node Manager OVBuildPath Overflow

Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...

10CVSS6.9AI score0.66402EPSS
Exploits8
Rows per page
Query Builder