Threat Encyclopedia
A buffer overflow vulnerability exists in Schneider Electric Pelco DS-NV Software package.
A buffer overflow vulnerability exists in Schneider Electric Pelco DS-NV Software package.
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via crafted HTTP POST request.
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
There is a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3.
A remote code execution vulnerability exists in Ericsson Erlang OTP SSH Server. The vulnerability is due to execution of critical functions prior to authentication completion. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted packets to the target server. Successful exploitation could result in arbitrary code execution under the context of the vulnerable application.
A remote code execution vulnerability exists in Ericsson Erlang OTP SSH Server. The vulnerability is due to execution of critical functions prior to authentication completion. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted packets to the target server. Successful exploitation could result in arbitrary code execution under the context of the vulnerable application.
There is a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user.
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component.
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN.
A security feature bypass vulnerability has been reported in Adobe ColdFusion. The vulnerability is due to insufficient validation of user data when creating data sources on the target server.
A device takeover vulnerability exists in the affected product. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.
TROJ_GEN.R002C0DC525
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.
Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.
A command injection and IP restriction bypass vulnerability has been reported in Cacti. The vulnerability is due to an access control weakness and insufficient validation of user data when receiving requests from Cacti pollers. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary command execution in the security context of the web server running the application.
An authentication bypass vulnerability has been reported for Sophos Firewall. This vulnerability is due to insufficient sanitization of null characters in the "json" parameter sent to the Controller endpoint.
This website uses cookies to ensure you get the best experience on our website.
Learn more