CVSS: 10.0EPSS: 32%CPEs: 2EXPL: 3CVE-2019-7274 – Optergy 2.3.0a - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-7274
01 Jul 2019 — Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Los dispositivos Optergy Proton / Enterprise permiten la carga de archivos autenticados con la ejecución de código como root. • https://packetstorm.news/files/id/155269 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 57%CPEs: 2EXPL: 1CVE-2019-7275 – Optergy Proton/Enterprise BMS 2.3.0a Open Redirect
https://notcve.org/view.php?id=CVE-2019-7275
01 Jul 2019 — Optergy Proton/Enterprise devices allow Open Redirect. Los dispositivos Optergy Proton/Enterprise permiten una redirección abierta. Optergy Proton/Enterprise BMS versions 2.3.0a and below suffer from an open redirect vulnerability. • https://packetstorm.news/files/id/155268 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7277
https://notcve.org/view.php?id=CVE-2019-7277
01 Jul 2019 — Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. Los dispositivos Optergy Proton/Enterprise permiten la divulgación de información de red interna no autenticada. • http://www.securityfocus.com/bid/108686 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7278
https://notcve.org/view.php?id=CVE-2019-7278
01 Jul 2019 — Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. Los dispositivos Optergy Proton/Enterprise tienen un servicio de envío de SMS no autenticado. • http://www.securityfocus.com/bid/108686 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-7279
https://notcve.org/view.php?id=CVE-2019-7279
01 Jul 2019 — Optergy Proton/Enterprise devices have Hard-coded Credentials. Los dispositivos Optergy Proton/Enterprise tienen credenciales codificadas. • http://www.securityfocus.com/bid/108686 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 2CVE-2019-7276 – Optergy Proton and Enterprise BMS Command Injection using a backdoor
https://notcve.org/view.php?id=CVE-2019-7276
01 Jul 2019 — Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. Los dispositivos Optergy Proton/Enterprise permiten la ejecución remota de código raíz a través de una consola Backdoor. • https://packetstorm.news/files/id/171564 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11403
https://notcve.org/view.php?id=CVE-2019-11403
21 Apr 2019 — In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page. En Gradle Enterprise versiones anteriores a 2018.5.2, Build Cache Nodes reflejaría la contraseña configurada al ver el código fuente HTML de la página de configuración. • https://gradle.com/enterprise/releases/2018.5/#changes-2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11402
https://notcve.org/view.php?id=CVE-2019-11402
21 Apr 2019 — In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format. En Gradle Enterprise versiones anteriores a 2018.5.3, Build Cache Nodes no almacenaba las credenciales en un formato cifrado. • https://gradle.com/enterprise/releases/2018.5/#changes-3 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2008-7312
https://notcve.org/view.php?id=CVE-2008-7312
23 Aug 2012 — The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address. Filtering Service de Websense Enterprise v5.2 hasta 6.3 no considera la dirección IP durante la categorización de las URL, lo que facilita a los atacantes remotos evitar la filtración a través de una petición HTTP, ... • http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5742
https://notcve.org/view.php?id=CVE-2006-5742
06 Nov 2006 — The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)". La consola de AirMagnet Enterprise y la consola de Sensor Remoto (Laptop) en AirMagnet Enterprise anterior 7.5 construcción 6307 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección d... • http://secunia.com/advisories/22475 •