A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior t CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2023-22611 create time: 2023-02-07T22:17:58Z
CVE-2020-0671 (Windows 10, Windows Server 2016, Windows Server 2019)
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-4260 create time: 2023-02-03T22:06:26Z
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-4263 create time: 2023-02-03T22:06:10Z
On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file. CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-6643 create time: 2023-02-03T19:54:36Z
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cle CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-15654 create time: 2023-02-03T17:42:19Z
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CV CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-10129 create time: 2023-02-03T15:30:19Z
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected b CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-10163 create time: 2023-02-03T15:30:15Z
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution withi CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-10957 create time: 2023-02-01T18:03:36Z
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS part CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-14861 create time: 2023-01-30T21:54:12Z
This is a script that exploits a known vulnerability (CVE-2019-15107) in web applications, allowing an attacker to inject commands on the target server. It takes a file containing a list of target URLs as input and attempts to find vulnerable URLs. It should only be used for security testing and with proper authorization. : Pichuuuuu/verbose_happiness create time: 2019-12-22T15:43:59Z
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional sc CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-13033 create time: 2023-01-27T21:40:35Z
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2019-17637 create time: 2023-01-27T21:40:31Z
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. CVE project by @Sn0wAlice : Live-Hack-CVE/CVE-2022-48123 create time: 2023-01-26T18:04:19Z