Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2017-7253 — Dahuasecurity Ip_camera_firmware: Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1.
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. CVSSv3.1 8.8 (HIGH)
CVE-2017-6412 — Sophos Web_appliance: In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. CVSSv3.1 8.1 (HIGH)
CVE-2017-6182 — Sophos Web_appliance: In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-9826 — Imagemagick Imagemagick: allows remote attackers to have unspecified impact via vectors related to error handling
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-7324 — Modx Modx_revolution: setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-7323 — Modx Modx_revolution: The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. CVSSv3.1 8.1 (HIGH)
CVE-2017-7322 — Modx Modx_revolution: The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. CVSSv3.1 8.1 (HIGH)
CVE-2017-7321 — Modx Modx_revolution: setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-7318 — Siklu Etherhaul_firmware: EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability.
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10309 — Ceragon Fibeair_ip-10_firmware: In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can
In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10308 — Siklu Etherhaul_firmware: EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10307 — Gotrango Apex_lynx_firmware: Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10306 — Trango A600_firmware: Altum AC600 devices have a built-in, hidden root account, with a default password
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-10305 — Gotrango Apex_plus_firmware: Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing f CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5226 — Projectatomic Bubblewrap: When executing a program via the bubblewrap sandbox, the nonpriv session can escape to
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. CVSSv3.1 10.0 (CRITICAL)
CVE-2016-2379 — Pidgin Mxit: The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. CVSSv3.1 8.8 (HIGH)
CVE-2014-3582 — Apache Ambari: In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-5671 — Honeywell Intermec_pc23_firmware: Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. CVSSv3.1 8.8 (HIGH)
CVE-2016-9924 — Synacor Zimbra_collaboration_suite: Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks. CVSSv3.1 9.8 (CRITICAL)
CVE-2017-2689 — Siemens Ruggedcom_rox_i: RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings. CVSSv3.1 8.8 (HIGH)
CVE-2017-2688 — Siemens Ruggedcom_rox_i: The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF. CVSSv3.1 8.8 (HIGH)
CVE-2017-7297 — Suse Rancher: Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. CVSSv3.1 8.8 (HIGH)
CVE-2016-6807 — Apache Ambari: Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization
Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. CVSSv3.1 9.8 (CRITICAL)
CVE-2016-8749 — Apache Camel: Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. CVSSv3.1 9.8 (CRITICAL)
CVE-2014-6440 — Videolan Vlc: media player before 2.1.5 allows remote attackers to execute arbitrary code or
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. CVSSv3.1 9.8 (CRITICAL)