HPE Security Bulletin HPESBGN03763 1 - Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution. Revision 1 of this advisory.
f658bb859acd2dba5129f2333bff36ab95e2e9cc867b0864639769154f072376
HPE Security Bulletin HPESBGN03762 1 - Potential security vulnerabilities have been identified in HPE Network Node Manager i. The vulnerabilities could be remotely exploited to allow bypass security restrictions, cross-site scripting (XSS), and/or URL redirection. Revision 1 of this advisory.
5e87f3dd4177244be5a1d11c4b186e953125271e1fadbf0f71c40169f7525270
HPE Security Bulletin HPESBHF03745 2 - Potential security vulnerabilities have been identified in HPE Intelligent Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely to allow execution of code. Revision 2 of this advisory.
d942528bda72b4e150cab486d47ec95daa6697920d454ce2c526f91ce2edecea
NfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.
6b2e5703fd89723e64a82ec4b72ba979239fa1d8e95511ce4df0a2e31d8f0b19
Microsoft Windows versions 7, 8.1, 2008 R2, 2012 R2, and 2016 R2 EternalBlue SMB remote code execution exploit that leverages the issue noted in MS17-0101.
0105c5a5b00ef47ce14d7433ff43d354540982cecc304f7a3285c0b49c8e61ac
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
c8c03493d21ddb62182280778fccc3f5946a4f980bdea6ebad5f5ae586c526e1
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
6b4dc74ec0faa009fc5d34f8ab85895e53c6f4f02bc160377905dcb95b0585a1
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods.
6cc7043e42bb5e5ed553be783eb82dc49a1d6d71419ee1e770ef5ea1fa3ffbdb
Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking.
586787a6d1dda880fe7d465e9e08beefb8df4867bdc4ff70ae63e9b698c3a93d
Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
f334cdc0e5221dbdd8e265c696310914ec33ba9f953c3bc7882dac6905769a1f
Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.
102cc9fdae18e2fa08d5aa13154faa82d46f2c36fb59f16d7c95760d0880908d
Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
1cbfd7aa0988b8b2e0a3bab6ab3f75e82e7584f27e12ae1d93710a8e74ae29e5
Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
35ec88cdefdcb04ba8605a0dab155c2fcb7f47b08c73cdbdc66aa1daf923e78a
Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
94ab5cdca0846380f754f768d501585739bfdcb6204020363ce405b618b4f39f
Shenzhen C-Data CD7201 with software version 2.4.6b and firmware version 7.1.0 suffer from authentication bypass, command injection, and cross site scripting vulnerabilities.
a46b9e89be16523b84bb6f26590f3b1e7d32ea836fac1a6d5afb092713e6c6e8