Open Bugtraq


2017-05-26
High
Med.
Med.
Low
Low
2017-05-25
Med.
High
Med.
Med.
Med.
Med.
High
Med.


Latest CVEs

2017-05-22
CVE-2017-9147 Libtiff Libtiff
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.

2017-05-21
CVE-2017-9117 Libtiff Libtiff
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.

CVE-2017-9131 Mimosa Backhaul radios
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote c...

CVE-2017-9132 Mimosa Backhaul radios
A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether i...

CVE-2017-9133 Mimosa Backhaul radios
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allo...

CVE-2017-9134 Mimosa Backhaul radios
An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without an...

CVE-2017-9135 Mimosa Backhaul radios
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that...

CVE-2017-9136 Mimosa Backhaul radios
An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator pass...

CVE-2017-6632 Cisco Firepower threat defense
A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the af...

2017-05-19
CVE-2017-4978 RSA Adaptive authentication (on pr...
EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.


Dorks


2017-05-25
Med.
sohaip-hackerDZ
2017-05-24
Med.
Persian Hack Team
Low
Persian Hack Team
2017-05-23
Med.
sohaip-hackerDZ
2017-05-22
Med.
sohaip-hackerDZ

Copyright 2017, cxsecurity.com