These vulnerabilities affect versions prior to November 2018 release. SolarWinds SFTP/SCP server through is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. This also grants the attacker an ability to backdoor the server. In SolarWinds SFTP/SCP Server through, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts.
#LYNC FOR MAC 2011 UPDATE 14.2 PASSWORD#
tags | exploit advisories | CVE-2018-15473 MD5 | f8e41eaa193966b2c6d7937c1bcb82c2 Download | Favorite | View SolarWinds SFTP Insecure Password Storage / XXE Injection Posted Authored by ajcraggs OpenSSH versions prior to 7.7 suffer from a user enumeration vulnerability. tags | exploit, vulnerability, xss advisories | CVE-2018-19749, CVE-2018-19750, CVE-2018-19751, CVE-2018-19752 MD5 | a8c0991331f173f598dda46519c17265 Download | Favorite | View OpenSSH User Enumeration Posted Authored by Matthew Daley, Justin Gardner, Lee David Painter tags | exploit, xss advisories | CVE-2018-19799 MD5 | 7e9f5d0ce4da13a127e9bec17063e7ec Download | Favorite | View DomainMOD 4.11.01 Cross Site Scripting Posted Authored by Mohammed Abdul RaheemĭomainMOD version 4.11.01 suffers from multiple cross site scripting vulnerabilities. tags | exploit advisories | CVE-2018-15716 MD5 | 067cc6cb85987b44c58f4479e6cd0e1d Download | Favorite | View Dolibarr ERP / CRM 8.0.3 Cross Site Scripting Posted Authored by Ozkan Mustafa Akkusĭolibarr ERP / CRM version 8.0.3 suffers from a cross site scripting vulnerability. NUUO NVRMini2 version 3.9.1 suffers from an authenticated command injection vulnerability. tags | exploit advisories | CVE-2018-19627 MD5 | 84046c2a04b1da337321b35fd5743a13 Download | Favorite | View NUUO NVRMini2 3.9.1 Command Injection Posted Authored by Artem Metla Wireshark suffers from a heap out-of-bounds read in find_signature. tags | advisory MD5 | 8d398e4f8f1b1a35eddcca69c66a88fc Download | Favorite | View Wireshark find_signature Heap Out-Of-Bounds Read Posted Authored by Google Security Research, mjurczyk tags | exploit, xss MD5 | 1816367e52467af90ad6a1ced2ce4278 Download | Favorite | View Chrome V8 Math.expm1 Incorrect Type Information Posted Authored by Google Security Research, sroettĬhrome V8 sets incorrect type information on Math.expm1. Typesetter version 5.1 suffers from a cross site scripting vulnerability. tags | advisory systems | linux, slackware advisories | CVE-2018-12404 MD5 | 2a4a4004fac372faa324e2b8686af6eb Download | Favorite | View Typesetter 5.1 Cross Site Scripting Posted Authored by Mithat Gogebakan | Site
Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Slackware Security Advisory - mozilla-nss Updates Posted Authored by Slackware Security Team | Site
0 kommentar(er)
