90 matches found
The vulnerability of the RouterOS operating system in MikroTik routers, related to errors in path name restrictions for restricted access directories, allows attackers to bypass authentication procedures.
The vulnerability of the RouterOS operating system for MikroTik routers is related to errors in path name restrictions for restricted access directories. Exploiting this vulnerability allows a malicious actor to read and write arbitrary files outside of the /rw/disk directory, through interfaces...
CVE-2018-11426
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change...
The vulnerabilities of SIMATIC device software, related to errors in cryptography usage, allow attackers to obtain the TLS session key.
The vulnerability of SIMATIC device software is related to errors in the use of cryptography. Exploiting this vulnerability can allow a perpetrator with access to the web interface to obtain the TLS session key while monitoring the TLS traffic between the legitimate user and the device...
CVE-2019-6576
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" All versions V15.1 Update 1, SIMATIC HMI Comfort Outdoor Panels 7" & 15" All versions V15.1 Update 1, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F All versions V15.1 Update 1, SIMATIC WinCC...
Schneider Electric EVLink Parking
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
GHSA-387V-84CV-9QMC Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core
When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...
Security feature bypass
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
PT-2018-2604 · Moxa · Moxa Iks-G6824A +2
Name of the Vulnerable Software and Affected Versions: Moxa IKS and EDS affected versions not specified Moxa IKS-G6824A affected versions not specified Description: The issue is related to the failure of Moxa IKS and EDS to properly validate user input, allowing unauthenticated and authenticated...
The vulnerability of the microprogrammed software of the wireless video camera Lens Peek-a-View lies in the presence of pre-set accounts, which allow a intruder to gain access to the device.
The microprogramming software of the wireless video camera Lens Peek-a-View has vulnerabilities. There are pre-installed user accounts named “admin” with the password “2601hx” for access via UART, and user accounts named “user” and “guest” with passwords “user” and “guest” respectively for access...
CVE-2017-16249
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying 300 seconds with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web...
Cisco DPC3939 and DPC3941T Comcast Firmware Hardcoding Vulnerability
The Cisco DPC3939 and DPC3941T are both wireless voice gateway products from Cisco USA. comcast is a set of firmware developed by Comcast USA that runs in devices such as gateways and modems. A security vulnerability exists in the Comcast firmware in the Cisco DPC3939 using the...
Foscam camera Web UI Account Non-Random Default Credentials Vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. A non-random default credentials vulnerability exists in the Foscam camera web user interface account. The device uses admin blank non-random default credentials to acces...
PT-2017-17708 · D Link · D-Link Dir-615
Name of the Vulnerable Software and Affected Versions: D-Link DIR-615 version 20.09 Description: The issue allows an attacker to perform unwanted actions on a wireless router for which the user or admin is currently authenticated. This can be demonstrated by changing the Security option from WPA2...
Buffer Overflow in the Management Web Interface
Palo Alto Networks web management server improperly handles a buffer overflow. This can result in a possible remote code execution RCE. Ref PAN-63073/102953/CVE-2016-9150 An attacker with network access to the management web interface may be able to perform a remote code execution RCE or...
Authentication flaw
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...
Atlassian Bamboo 2.2.x < 5.8.5 / 5.9.x < 5.9.7 Unspecified Resource Deserialization RCE
According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is version 2.2.x prior to 5.8.5 or 5.9.x prior to 5.9.7. It is, therefore, affected by an unspecified resource deserialization flaw due to improper validation of user-supplied input. An...
CVE-2015-6576: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface...
ZyXEL SBG-3300 Security Gateway Denial Of Service
Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7278 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko Casadei Disclosur...
Atlassian Confluence < 5.5.2 XWork Library ClassLoader Manipulation Remote Code Execution
According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.5.2. It is, therefore, affected by a flaw in the XWork library that allows a remote, unauthenticated user to alter the ClassLoader. This could allow an attacker to execut...
HP OpenView Network Node Manager OVBuildPath Overflow
Added: 02/20/2012 CVE: CVE-2011-3167 BID: 50471 OSVDB: 76775 Background HP OpenView Network Node Manager NNM is a network monitoring solution based on SNMP. Problem User supplied data from the NNM web interface is passed to the OVBuildPath function in ov.dll. This function contains a stack overfl...