Page 5 of 102 results (0.003 seconds)

CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 2

03 Jan 2017 — Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. Inyección de comandos remotos no autenticados como root ocurre en la URL /web/google_analytics.php de Western Digital MyCloud NAS 2.11.142 a través de un parámetro arg modificado en el dato POST. • https://packetstorm.news/files/id/173802 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 2

13 Jan 2015 — Multiple directory traversal vulnerabilities in class/session.php in Ganesha Digital Library (GDL) 4.2 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) newlang or (2) newtheme parameter. Múltiples vulnerabilidades de salto de directorio en class/session.php en Ganesha Digital Library (GDL) 4.2 permiten a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro (1) newlang o (2) newtheme. • https://www.exploit-db.com/exploits/31961 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 2

13 Jan 2015 — Cross-site scripting (XSS) vulnerability in module/search/function.php in Ganesha Digital Library (GDL) 4.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a ByEge action. Vulnerabilidad de XSS en module/search/function.php en Ganesha Digital Library (GDL) 4.2 permite a atacantes remotos inyectar secuencias de comandos web o HTMl arbitrarios a través del parámetro keyword en una acción ByEge. • https://www.exploit-db.com/exploits/31961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0

29 Jun 2013 — The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding. ** EN DISPUTA ** El servidor Web de administración del dispositivo Digital Alert Systems DASDEC EAS hasta v2.0-2 y el dispositivo Monroe Electronics R189 On... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-255: Credentials Management Errors •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

29 Jun 2013 — The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files. El servidor web en el dispositivo Digital Alert Systems DASDEC EAS anterior a v2.0-2 y el dispositivo Monroe Electronics R189 One-Net EAS anterior a v2.0-2 permite a atacantes remotos obtener información sensible e información sobre el estado mediante la lectura de fich... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

29 Jun 2013 — dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors. dasdec_mkuser en el dispositivo Digital Alert Systems DASDEC EAS anterior a v2.0-2 y el dispositivo Monroe Electronics R189 One-Net EAS anterior a v2.0-2 genera contraseñas previsibles, lo que podría hacer más fácil para los atacantes obte... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf •

CVSS: 10.0EPSS: 8%CPEs: 4EXPL: 0

29 Jun 2013 — The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network. El dispositivo Digital Alert Systems DASDEC EAS anterior a v2.0-2 y el dispositivo Monroe Electronics R189 One-Net EAS anterior a v2.0-2 tener una contraseña por defecto para una cuenta administrativa, lo que hace que sea más fácil para un atacante remoto p... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 62%CPEs: 4EXPL: 0

29 Jun 2013 — The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session. La configuración por defecto del dispositivo Digital Alert Systems DASDEC EAS hasta v2.0-2 y el dispositivo Monroe Electronics R189 One-Net hasta v2.0-2 contiene un clave SSH privada conocida, lo que hace que sea más fácil p... • http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf • CWE-310: Cryptographic Issues •

CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0

04 Dec 2010 — SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente de Joomla! Yannick Gaultier sh404SEF en versiones anteriores 2.1.8.777. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0

04 Dec 2010 — Cross-site scripting (XSS) vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Yannick Gaultier sh404SEF en versiones anteriores a la 2.1.8.777 de Joomla!. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar. • http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •