Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
RedTeam Pentesting discovered a vulnerability which allows attackers
unauthenticated access to the diagnostic functions of the administrative
interface of the REDDOXX appliance. The functions allow, for example, to
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
RedTeam Pentesting discovered an information disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to extract valid session IDs.
Details
===
Product: REDDOXX Appliance
Advisory: Remote Command Execution as root in REDDOXX Appliance
RedTeam Pentesting discovered a remote command execution vulnerability
in the REDDOXX appliance software, which allows attackers to execute
arbitrary commands with root privileges while unauthenticated.
Details
===
Product:
Advisory: Cross-Site Scripting in REDDOXX Appliance
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the REDDOXX appliance software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.
Details
===
Product: REDDOXX Appliance
Affected
Advisory: Undocumented Administrative Service Account in REDDOXX Appliance
RedTeam Pentesting discovered an undocumented service account in the
REDDOXX appliance software, which allows attackers to access the
administrative interface of the appliance and change its configuration.
Details
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in
REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability
in the REDDOXX appliance software, which allows unauthenticated
attackers to list directory contents and download arbitrary
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure
vulnerability in the REDDOXX appliance software, which allows
unauthenticated attackers to download arbitrary files from the affected
system.
Details
===
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3917-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2017
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] seamonkey (SSA:2017-202-01)
New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03745en_us
Version: 3