This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target...
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within...
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within...
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module. Date published : 2020-03-25 https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/ https://github.com/it-novum/openITCOCKPIT/commit/50722befae4cfedd0103f9b0ec2a7e22530b2385
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS. Date published : 2020-03-25 https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/ https://github.com/it-novum/openITCOCKPIT/commit/3838d98d35ececc7e83cf0f7cf785c9a7729cdbf
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. Date published : 2020-03-25 https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/ https://github.com/it-novum/openITCOCKPIT/commit/73b5b34afa8bd82ff26c0097558341214c768cfc
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections. Date published : 2020-03-25 https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/ https://github.com/it-novum/openITCOCKPIT/commit/581cc9007bbfba84a2575729d5d903ab3a8f25ee
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with...
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. Date published : 2020-03-25 https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=13078&token=de344ca65252463cc581ef144e0c53bd97b8f211&download= https://www.tenable.com/security/research/tra-2020-16
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958. Date published : 2020-03-24 https://www.ibm.com/support/pages/node/5693588 https://exchange.xforce.ibmcloud.com/vulnerabilities/165958
Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code. Date published : 2020-03-24 https://www.tenable.com/security/research/tra-2020-12
An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted...