Easyndexer version 1.0 suffers from an arbitrary file download vulnerability.
2ed511b01a3cb023e07c92e39e13590bTina4 Stack version 1.0.3 suffers from a remote SQL injection vulnerability.
ddc080dfaca6281eb694835a41776d8fAndroid OS suffers from a sensitive data exposure vulnerability in its RSSI broadcasts.
a26217d9d0c12d9ab358f22208fabe78Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts.
1662a0811657c2af60dfcefe19ec6d2fDell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
c22adbdd431026937dde62858e1d4472HP Security Bulletin MFSBGN03829 1 - A potential vulnerability has been identified in the Operations Bridge Manager capability of the Micro Focus Operations Bridge containerized suite. The vulnerability could be exploited to remote code execution and information disclosure. Revision 1 of this advisory.
129b8eb6c45a0b42e3969e743a7a99b4Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.
eece1ca5b96e7fa9c81d88136d34a031Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password. Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
d1ee6a56a2f2111ec9deee9f74a7989dRed Hat Security Advisory 2018-3463-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.
3b32d784757531f94cee253144a6bb11Red Hat Security Advisory 2018-3461-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability. m
22baaf41373533f294edce75a9651914Red Hat Security Advisory 2018-3462-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information disclosure vulnerability.
cff9950ad386d883ba3b64759ae0c76aRoyal TS/X suffer from an information disclosure vulnerability. Versions that addressed this issue are Royal TSX (for macOS) 3.3.1 released on 2018-09-13 and Royal TS (for Windows) 4.3.60728 released on 2018-07-28.
6b1c38de2392e49aa7ef8b0d81ea21f9The Google Cardboard Android and iOS applications (Android version 1.8, iOS version 1.2 and below) sends potentially sensitive information such as OS, CPU architecture, graphics chip vendor and version, CPU count, RAM, VRAM, screen size, device make and model, unencrypted to a third party site (Unity 3D Stats).
90bd446dbfb72bbe575551b017929885Brava! Enterprise and Server components versions 7.5 through 16.4 suffer from a sensitive data exposure vulnerability due to weak permissions.
d8b086c6d8399f7021b016ba9a5f9d1dNETGEAR WiFi Router R6120 suffers from a credential disclosure vulnerability.
c17632c07fa30cddd4d7d71c6eb235b5ZyXEL VMG3312-B10B versions prior to 1.00 (AAPP.7) suffer from a credential disclosure vulnerability.
d7d23c2b70dbfc679ed549383bbcd020Debian Linux Security Advisory 4326-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, incomplete TLS identity verification, information disclosure or the execution of arbitrary code.
7c35625696991fdc77cb84e7b2071292Open STA Manager version 2.3 suffers from an arbitrary file download vulnerability.
2992f591e102887eaedce8f1596c8628Debian Linux Security Advisory 4324-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could result in the execution of arbitrary code, privilege escalation or information disclosure.
76d22f63eab5d95a897899812b146f6fNavigate CMS version 2.8.5 suffers from an arbitrary file download vulnerability.
3e891bc4623c966e8f7dd6a3f0e372e6Academic Timetable Final Build versions 7.0a through 7.0b suffer from an information leakage vulnerability.
45758a6aa9398946bad3ad7ba500881bPhoenix Contact WebVisit version 6.40.00 suffers from a password disclosure vulnerability.
07aee4be126e8419895ba1b70e201e80Debian Linux Security Advisory 4304-1 - Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code and local information disclosure.
cef96b7b3f669cea1394acd5d6046c39Debian Linux Security Advisory 4301-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which result in incorrectly configured rate limits, information disclosure in Special:Redirect/logid and bypass of an account lock.
c90886b8e062df158a4a7f5f924ed789Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.
34b23ee4bf4c54e688cf0bc81308cbd1
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed