Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones
Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if the user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypassed. An attacker can bypass the Phone Finder by special steps and obtain the owner of....
6.8 CVSS
6.3 AI Score
0.001 EPSS
6.7 AI Score
0.013 EPSS
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple...
0.5 AI Score
0.013 EPSS
Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service...
6.9 AI Score
-0.1 AI Score
0.2 AI Score
Ubiquiti Networks Command Injection Vulnerability
Exploit for hardware platform in category web...
0.2 AI Score
Drupal 7.x Services module unserialize() to RCE
Upon auditing Drupal's Services module, the Ambionics team came across an insecure use of unserialize(). The exploitation of the vulnerability allowed for privilege escalation, SQL injection and, finally, remote code execution. Services module Services is a "standardized solution for building...
8.8 AI Score
Navetti PricePoint 4.6.0.0 XSS / CSRF / SQL Injection Vulnerabilities
Exploit for php platform in category web...
7.1 AI Score
0.5 AI Score
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
...
7.4 AI Score
Western Digital My Cloud Command Injection / File Upload Vulnerabilities
Exploit for hardware platform in category web...
7.1 AI Score
Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request...
0.2 AI Score
0.2 AI Score
Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones
There is an arbitrary memory read/write vulnerability in the hardware security module of some Huawei smart phones due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute...
6.7 CVSS
6.8 AI Score
0.0004 EPSS
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site...
6.1 CVSS
0.7 AI Score
0.006 EPSS
Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting Vulnerabilities
Exploit for hardware platform in category web...
0.006 EPSS
0.4 AI Score
0.006 EPSS
8.8 CVSS
6.6 AI Score
The Huawei Themes APP in some Huawei products has a privilege elevation vulnerability due to the lack of theme pack check. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of.....
7.8 CVSS
7.4 AI Score
0.001 EPSS
0.1 AI Score
-0.1 AI Score
0.001 EPSS
0.5 AI Score
RVM automatically executes hooks located in $PWD
RVM, by default, hooks cd and automatically executes various auxiliary hooks when a user changes into a directory. The mechanics of these additional after_cd hooks are detailed at https://rvm.io/workflow/hooks. What this page fails to mention is that hooks, as of a vulnerable version, are not only....
7.3 AI Score
FUDforum 3.0.6 - Local File Inclusion
Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: LFI Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to...
6.7 AI Score
0.6 AI Score
JUNG Smart Visu Server Multiple Vulnerabilities
Exploit for hardware platform in category local...
6.8 AI Score
stadtbranchenbuch.com XSS vulnerability
Vulnerable URL: https://www.stadtbranchenbuch.com/search?what=%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C%2Fscript%3E&where=Berlin Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|.....
6.3 AI Score
Security Advisory - Phone Finder Bypass Vulnerability in Huawei Smart Phones
Phone Finder is a Huawei security method that was designed to make sure someone can't just wipe and factory reset the phone if the user lost it or it was stolen. The Phone Finder in some Huawei smart phones can be bypassed. An attacker can bypass the Phone Finder by special steps and enter the System...
6.8 CVSS
6.4 AI Score
0.001 EPSS
TYPO3 CMS 2.0.3 Cross Site Scripting Vulnerability
TYPO3 CMS versions 2.0.3 and below suffer from a cross site scripting...
6.7 AI Score
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-343-05 Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability that was published January 5, 2017, on the NCCIC/ICS-CERT web site. Rockwell Automation has identified a...
10 CVSS
1.6 AI Score
0.002 EPSS
FireMon Immediate Insight Detection
This script performs SSH based detection of FireMon Immediate...
7.1 AI Score
Researchers Question Security in AMD's Upcoming Zen Chips
As more computing heads to the clouds, security researchers are questioning the security of virtual machine control panels called hypervisors. One of the first hardware-based solutions to address these concerns will be deployed by chip manufacturer AMD, called Secure Encrypted Virtualization. The.....
-0.1 AI Score
Sony IPELA ENGINE IP Cameras Backdoor Accounts Vulnerability
Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera...
7.3 AI Score
Security Advisory - Dirty COW Vulnerability in Huawei Products
On the morning of October 21st, 2016, security researcher Phil Oester disclosed a local privilege escalation vulnerability in the Linux kernel. A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An.....
7.8 CVSS
0.8 AI Score
0.879 EPSS
1 AI Score
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow...
7.4 AI Score
0.4 AI Score
0.8 AI Score
FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery
FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request...
1.2 AI Score
-0.4 AI Score
-0.2 AI Score
7.4 AI Score
7.4 AI Score
-0.1 AI Score
-0.1 AI Score
7.4 AI Score