105 matches found
Arris DG1670A Cable Modem Remote Command Execution
Vulnerability Details Affected Vendor: Arris Affected Product: Cable Modem Affected Version: DG1670A, TG1670 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path; CWE-77: Improper Neutralization of Special Elements used in a Command; CWE-522: Insufficiently...
Seagate GoFlex Satellite Remote Telnet Default Password
Vulnerability Details Affected Vendor: Seagate Affected Product: GoFlex Satellite Affected Version: 1.3.7 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel; CWE-798: Use of Hard-coded Credentials Impact: Remote Administration Attack...
Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Microsoft Affected Product: Bluetooth Personal Area Networking Affected Versions: 5.1.2600.5512 Platform: Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where Condition Impact: Privilege Escalation Attack vector: IOCTL CVE ID:...
Cisco Firepower Threat Management Console Authenticated Denial of Service
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-404: Improper Resource Shutdown or Release Impact: Denial of Service Attack vector:...
Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Microsoft Affected Product: TCP/IP Protocol Driver Affected Version: 5.2.3790.4573 Platform: Microsoft Windows Server 2003 Service Pack 2 Architecture: x86, x64, Itanium Impact: Privilege Escalation Attack vector: IOCTL CVE-ID: CVE-2014-4076 2...
Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Microsoft Affected Product: MQ Access Control Affected Versions: 5.1.0.1110 Platform: Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where Condition Impact: Privilege Escalation Attack vector: IOCTL CVE ID: CVE-2014-4971 2. Vulnerability...
Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-434: Unrestricted Upload of File with Dangerous Type, CWE-94: Improper Control of...
Cisco Firepower Threat Management Console Local File Inclusion
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path Impact: Information Disclosure Attack...
Trendmicro InterScan Privilege Escalation Vulnerability
Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact:...
Piriform CCleaner Wiped Filename Recovery
Vulnerability Details Affected Vendor: Piriform Affected Product: CCleaner Affected Version: 3.26.0.1988 - 5.02.5101 Platform: Microsoft Windows 7 x64 Service Pack 1 CWE Classification: CWE-200: Information Exposure Impact: Information Exposure Attack vector: Local CVE-ID: CVE-2015-3999 2...
Solarwinds LEM Management Shell Escape via Command Injection
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Privileged Access Attack vector: SSH...
Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Authentication Bypass CVE-ID:...
SiS Windows VGA Display Manager Multiple Privilege Escalation
Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation Affected Product: Windows VGA Display Manager Affected Version: 6.14.10.3930 Platform: Microsoft Windows 7 x86, Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code...
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Oracle Affected Product: VirtualBox Guest Additions Affected Versions: 4.3.8 - 4.3.10 Platform: Microsoft XP SP3 CWE Classification: CWE-123: Write-what-where Condition Impact: Arbitrary code execution Attack vector: IOCTL CVE ID: CVE-2014-2477 2...
VBox Satellite Express Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: VBox Communications Affected Product: Satellite Express Protocol Affected Version: 2.3.17.3 Platform: Microsoft Windows XP SP3, Microsoft Windows 7 x86 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code Execution Attack vector:...
Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Vulnerability Details Affected Vendor: Dell Affected Product: Pre-Boot Authentication Driver Affected Version: 1.0.1.5 Platform: Microsoft Windows XP SP3, Microsoft Windows 2003 SP2, Microsoft Windows 7 CWE Classification: CWE-20: Improper input validation Impact: Arbitrary Code Execution Attack...
Linksys EA6100 Wireless Router Authentication Bypass
Vulnerability Details Affected Vendor: Linksys Affected Product: EA6100 - EA6300 Wireless Router Affected Version: 1.1.5 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel Impact: Remote Administration Attack vector: HTTP CVE-ID: 2...
WatchGuard XTMv User Management Cross-Site Request Forgery
Vulnerability Details Affected Vendor: WatchGuard Affected Product: XTMv Affected Version: v11.12 Build 516911 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF Impact: Privileged Access Attack vector: HTTP 2. Vulnerability Description Lack of CSRF protection...
Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact: Privileged Access Attack vector: SSH 2. Vulnerability Description An...
Solarwinds LEM Database Listener with Hardcoded Credentials
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...
Trendmicro InterScan Remote Root Access Vulnerability
Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a...
Solarwinds LEM Management Shell Arbitrary File Read
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-36: Absolute Path Traversal Impact: Information Disclosure Attack vector: SSH 2. Vulnerability Description The...
Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment Impact: Privileged Access...
Sophos Web Appliance Privilege Escalation
Vulnerability Details Affected Vendor: Sophos Affected Product: Web Apppliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-261: Weak Cryptography for Passwords Impact: Privilege Escalation Attack vector: HTTP 2...
Ubiquiti Administration Portal CSRF to Remote Command Execution
Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF; CWE-77: Improper Neutralization of Special Elements used in a Command 'Command...
Trendmicro InterScan Arbitrary File Write
Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a...
Sophos Web Appliance Remote Code Execution
Vulnerability Details Affected Vendor: Sophos Affected Product: Web Apppliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-88: Argument Injection or Modification...
XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation Affected Product: XGI VGA Display Manager Affected Version: 6.14.10.1090 Platform: Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code Execution Attack vector: IOCTL...
SQLite Tempdir Selection Vulnerability
Vulnerability Details Affected Vendor: SQLite/Hwaci Affected Product: SQLite Affected Version: All versions prior to 3.13.0 Platform: UNIX, GNU/Linux CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions Impact: Data Leakage Attack vector: Local 2...
VMWare vmx86.sys Arbitrary Kernel Read
Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273 Platform: Microsoft Windows XP SP3 x86, Microsoft Windows Server 2003 SP2 x86, Microsoft Windows 7 SP1 x86 CWE Classification: CWE-20: Improper Input Validation Impact: Arbitrary Read,...
CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-250: Execution with Unnecessary Privileges CVE ID: CVE-2021-33217 2. Vulnerability Description The IoT Controller web application...
Barco wePresent Undocumented SSH Interface Accessible Via Web UI
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8 Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control CVE ID: CVE-2020-28331 2. Vulnerability Description The Barco wePresent device has an SSH daemon included in...
Cellebrite Restricted Desktop Escape and Escalation of User Privilege
Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-269: Improper Privilege Management, CWE-20: Input Validation Error CVE ID: CVE-2020-12798 2. Vulnerability Description Cellebrite UFED...
Cellebrite Hardcoded ADB Authentication Keys
Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.29 Platform: Embedded Windows CWE Classification: CWE-321: Use of hardcoded cryptographic keys CVE ID: CVE-2020-11723 2. Vulnerability Description Cellebrite UFED uses four hardcoded RSA private...
Splunk Local Privilege Escalation
Vulnerability Details Affected Vendor: Splunk Affected Product: Splunk Enterprise Affected Version: 6.6.x Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Privilege Escalation Attack vector: Local 2. Vulnerability...
VICIdial Authenticated Remote Code Execution
Vulnerability Details Affected Vendor: VICIdial Affected Product: VICIdial Affected Version: 2.14-917a Platform: GNU/Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' CVE ID: CVE-2024-8504 2. Vulnerability Description An...
Barco wePresent Hardcoded API Credentials
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28329 2. Vulnerability Description Barco wePresent...
Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.50 Platform: Debian 10 LTS CWE Classification: CWE-502 Deserialization of Untrusted Data CVE ID: CVE-2024-2054 2. Vulnerability Description The Artica Proxy administrative web application will...
CyberArk Credential File Insufficient Effective Key Space
Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31796 2. Vulnerability Description CyberArk...
Barco wePresent Admin Credentials Exposed In Plain-text
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8 Platform: Embedded Linux CWE Classification: CWE-523: Unprotected Transport of Credentials CVE ID: CVE-2020-28330 2. Vulnerability Description An attacker armed with hardcoded API...
Moxa TN-5900 Post Authentication Command Injection Vulnerability
Vulnerability Details Affected Vendor: Moxa Affected Product: TN-5900 Affected Version: v3.1 and prior Platform: Moxa Linux CWE Classification: CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' CVE ID: CVE-2021-46560 2. Vulnerability Description A...
Barco wePresent Global Hardcoded Root SSH Password
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID: CVE-2020-28334 2. Vulnerability Description The Barco wePresent...
Cellebrite EPR Decryption Relies on Hardcoded AES Key Material
Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-321: Hardcoded Use of Cryptography Keys CVE ID: CVE-2020-14474 2. Vulnerability Description The Cellebrite UFED Physical device relies on...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component CVE ID:...
Journyx Unauthenticated XML External Entities Injection
Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2024-6893 2. Vulnerability Description The "soapcgi.pyc" API handler allows...
Barco wePresent Authentication Bypass
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel CVE ID: CVE-2020-28333 2. Vulnerability Description The Barco wePresent web...
Barco wePresent Insecure Firmware Image
Vulnerability Details Affected Vendor: Barco Affected Product: wePresent WiPG-1600W Affected Version: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19 Platform: Embedded Linux CWE Classification: CWE-494: Download of Code Without Integrity Check CVE ID: CVE-2020-28332 2. Vulnerability Description The Barco...
CyberArk Credential Provider Race Condition And Authorization Bypass
Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength, CWE-362: Concurrent Execution using Shared Resource with...
CommScope Ruckus IoT Controller Undocumented Account
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...
CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33219 2. Vulnerability Description An undocumented, administrative-level, hard...