Authentication is not required to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). This issue affects Apache Airflow = V7.1 = V2.5 = V2.0 and = V2.0 and id command results in a ok response.īMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. This logging server had no authentication and allows reading log files of DAG jobs. If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. NOTE: the vendor has disputed this as described in. ** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |