BTV-EMUI5.0,Berlin-EMUI5.0,Berlin-L21,Berlin-L22,Berlin-L23,MHA-AL00A Security Vulnerabilities

Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones

Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and obtain the owner of....

Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities

...

Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities

Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple...

Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities

Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service...

phplist 3.2.6 Cross Site Scripting

...

HumHub 1.0.1 Cross Site Scripting

...

Ubiquiti Networks Command Injection Vulnerability

Exploit for hardware platform in category web...

phplist 3.2.6 SQL Injection

...

HumHub 0.20.1 / 1.0.0-beta.3 Shell Upload

...

Drupal 7.x Services module unserialize() to RCE

Upon auditing Drupal's Services module, the Ambionics team came accross an insecure use of unserialize(). The exploitation of the vulnerability allowed for privilege escalation, SQL injection and, finally, remote code execution. Services module Services is a "standardized solution for building...

Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection Vulnerabilities

Exploit for php platform in category web...

Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection

...

Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery

...

Western Digital My Cloud Command Injection / File Upload Vulnerabilities

Exploit for hardware platform in category web...

Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery

Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request...

Western Digital My Cloud Command Injection / File Upload

...

Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones

There is a arbitrary memory read/write vulnerability in the hardware security module of some Huawei smart phones due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute...

Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting

Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site...

Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting Vulnerabilities

Exploit for hardware platform in category web...

Aruba AirWave 8.2.3 XXE Injection / Cross Site Scripting

...

Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting

...

Security Advisory - Privilege Elevation Vulnerability Caused by Arbitrary File Upload in Huawei Themes

The Huawei Themes APP in some Huawei products has a privilege elevation vulnerability due to the lack of theme pack check. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of.....

Elefant CMS 1.3.12-RC Code Execution

...

Plone 5.0.5 Cross Site Scripting

...

Elefant CMS 1.3.12-RC Cross Site Scripting

...

Elefant CMS 1.3.12-RC Cross Site Request Forgery

...

RVM automatically executes hooks located in $PWD

RVM, by default, hooks cd and automatically executes various auxiliary hooks when a user changes into a directory. The mechanics of these additional after_cd hooks are detailed at https://rvm.io/workflow/hooks. What this page fails to mention is that hooks, as of a vulnerable version, are not only....

FUDforum 3.0.6 - Local File Inclusion

Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: LFI Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to...

JUNG Smart Visu Server 1.0.8x Path Traversal / Backdoor Accounts

...

JUNG Smart Visu Server Multiple Vulnerabilities

Exploit for hardware platform in category local...

stadtbranchenbuch.com XSS vulnerability

Vulnerable URL: https://www.stadtbranchenbuch.com/search?what=%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C%2Fscript%3E&where;=Berlin Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|.....

Security Advisory - Phone Finder Bypass Vulnerability in Huawei Smart Phones

Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System...

TYPO3 CMS 2.0.3 Cross Site Scripting Vulnerability

TYPO3 CMS versions 2.0.3 and below suffer from a cross site scripting...

Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-343-05 Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability that was published January 5, 2017, on the NCCIC/ICS-CERT web site. Rockwell Automation has identified a...

FireMon Immediate Insight Detection

This script performs SSH based detection of FireMon Immediate...

Researchers Question Security in AMD's Upcoming Zen Chips

As more computing heads to the clouds, security researchers are questioning the security of virtual machine control panels called hypervisors. One of the first hardware-based solutions to address these concerns will be deployed by chip manufacturer AMD, called Secure Encrypted Virtualization. The.....

Sony IPELA ENGINE IP Cameras Backdoor Accounts Vulnerability

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera...

Security Advisory - Dirty COW Vulnerability in Huawei Products

In the morning of October 21th, 2016, a security researcher Phil Oester disclosed a local privilege escalation vulnerability in Linux kernel. A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An.....

Sony IPELA ENGINE IP Cameras Backdoor Accounts

...

EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow

EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow...

EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow

...

HS-110 Smart Plug Account Takeover / Insecure Design

...

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request...

LEPTON 2.2.2 - Remote Code Execution

LEPTON 2.2.2 - Remote Code...

LEPTON 2.2.2 - SQL Injection

LEPTON 2.2.2 - SQL...

LEPTON 2.2.2 - SQL Injection

...

FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery

...

Mezzanine 4.2.0 - Cross-Site Scripting

Mezzanine 4.2.0 - Cross-Site...

FUDforum 3.0.6 - Local File Inclusion

FUDforum 3.0.6 - Local File...

LEPTON 2.2.2 - Remote Code Execution

...