Channel: Files from Matthew Bergin ≈ Packet Storm
Browsing all 25 articles

Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity

The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.




Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak

The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.


Barracuda WAF V360 Firmware 8.0.1.014 Support Tunnel Hijack

Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.


Solarwinds LEM 6.3.1 Hardcoded Credentials

Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.


Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation

Infoblox NetMRI versions 7.1.2 through 7.1.4 suffer from administration shell escape and privilege escalation vulnerabilities.



Infoblox NetMRI VM-AD30-5C6CE Factory Reset Persistence

Infoblox NetMRI version VM-AD30-5C6CE suffers from an administration shell factory reset persistence vulnerability.


Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation

Sonicwall WXA5000 version 1.3.2-10-30 suffers from console jail escape and privilege escalation vulnerabilities.


Sophos UTM 9 loginuser Privilege Escalation Via Insecure Directory Permissions

Sophos UTM 9 suffers from a loginuser privilege escalation vulnerability via insecure directory permissions. Version 9.410 is affected.



Sophos UTM 9 Management Application Local File Inclusion

Sophos UTM 9 suffers from a local file inclusion vulnerability. Version 9.410 is affected.



Sophos Web Gateway 4.4.1 Cross Site Scripting

Sophos Web Gateway version 4.4.1 suffers from a persistent cross site scripting vulnerability.


NetEx HyperIP 6.1.0 Authentication Bypass

NetEx HyperIP version 6.1.0 suffers from an authentication bypass vulnerability.


NetEx HyperIP 6.1.0 Post-Auth Command Execution

NetEx HyperIP version 6.1.0 suffers from a post-authentication command execution vulnerability.


NetEx HyperIP 6.1.0 Privilege Escalation

NetEx HyperIP version 6.1.0 suffers from a privilege escalation vulnerability.



NetEx HyperIP 6.1.0 Local File Inclusion

NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability.


Trend Micro IMSVA Management Portal 9.1.0.1600 Authentication Bypass

Trend Micro IMSVA Management Portal version 9.1.0.1600 suffers from an authentication bypass vulnerability.



Sophos UTM 9 loginuser Privilege Escalation

Sophos UTM 9 version 9.410 suffers from a loginuser privilege escalation vulnerability.


HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root

HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality...



HP VAN SDN Controller Root Command Injection

This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was...


Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation

Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to,...


Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys

Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when...
