Pantech Link/P7040P browser SSL certificate parsing contains a flaw where it fails to check the Basic Constraints parameter of certificates in the chain.
05ac689c17d1d0ced452b3a748d9579a449b11a3cf9146257494b471ee8787a9
Multiple Netgear routers suffer from remote and local password disclosure vulnerabilities.
dbaeb4937d70280e3491b85b30c34a0d631fed2c6555336ee35deb7fefcc8dda
Tableau server suffers from a remote blind SQL injection vulnerability. Versions 8.1.X before 8.1.2 and 8.0.X before 8.0.7 are affected.
ebf6b43d894838fe1a6ca916802d8cfcb730ad9a2026321cedbb90facb145ccd
DaumGame ActiveX control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.
700de7f082a11cf764630d887c017c3cbc2790e1de57e8121f8094354020695e
Franklin Fueling's TS-550 Evo suffers from insufficient access control and hard-coded credential vulnerabilities.
14ac4a0dcc8435d0f374279cb775ebf17d70e2a89ab2da0be5848b1242b49de8
The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service. The vulnerability is triggered when a VNC client that claims to support only protocol version 3.3 sends malformed data during the authentication selection stage of the authentication process.
2a86c57ec668584e1c10178732acfc9a1b36983b15434b763d969877df0a7998
AjaXplorer versions 5.0.2 and below suffer from remote shell upload and path traversal vulnerabilities.
552ae25c2c91eea7e941959524c55a6d80f32e9fbf854b3fd67ea2e5065006f2
An arbitrary file upload vulnerability exists in the official Nmap http-domino-enum-passwords NSE script.
3f3f0fed34e91a5d44d190bceb8508b03d02326855de030750d04807d7eb4044
McAfee Superscan version 4.0 suffers from a cross site scripting vulnerability.
bd831b86fa9986e22ed6966c13d321dab445ccc1cb7456fece5b01c3b191f1b7
INSTEON Hub version 2242-222, a home automation controller for INSTEON and X10 compatible devices, fails to authenticate access to various APIs.
344b9d157fcf088c208cd232978729ba893b86e4c1f8d79ddb434b8c739b31b1
Radio Thermostat of America, Inc products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API.
ddb62d7e2cdd7b877be375ce3503ead041eecf8f4c500d94945c215ccd64bcb5
Karotz Smart Rabbit version 12.07.19.00 suffers from Python module hijacking and cleartext token passing vulnerabilities.
89ac63705c52fad81984e28370079412330c777051779d769ad506e815011359
LIXIL Satis Toilet suffers from having a hard-coded Bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory.
59e34c3c147f00689fcded58d1f6ab5a5fb010be87beb1a7464a18915563cc9f
MiCasaVerde VeraLite version 1.5.408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities.
f9a3f43c8dc78da3ef4d700ca406a351a37737ce36a34b9e1883287aa0b5874d
OpenEMR versions 4.1.1 patch-12 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
34d2a68eac35ef40f833eadd836730cb6db7a18c16f6872866a69898d3908187
Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.
7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.
593d275e9cad209f5d011018dd31b2516f2313f9799e0b9003a957d008d05c0b
Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3
Scrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643
Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Movable Type CGI files and source files onto a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.
8884fca39476f536426dc043e4acf681f4550bb0e135c0d0de6141a9f1920af3
WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.
4b15d4cecda7778d09707a3eb8bde58199397e08729366b2d3568a83e098e9f7
Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.
caf423b9229fdd97872243c81b9025070f2924eb3658589f6e7bc52ca6f8921c
phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.
a8c40f3aee84c74d540c2097d20b0799688cc7300895c4ba59bc51a7b094009f
The IBM TS3200/TS3200 Web User Interface is vulnerable to an authentication bypass attack. By sending a series of requests to the authentication function, it is possible to trigger a condition which causes the application to grant an access cookie which permits remote administration. Firmware less than A.60 is affected.
251930962a416ff086d78263b78eb5f8dcc016095a831b437bd5a97ae19df1ac
The Centreon supervision and monitoring tool provided by Merethis permits remote code execution from the command help web page, allowing an attacker to execute arbitrary commands in the context of the web server hosting the application. The system also uses a one-way hash without a salt. Versions 2.3.1 and below are affected.
8baa1a03e20514db0ebdff56296a1f3d2b0ea0473b7d740b7747c685e31fb6df