Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown
CVE-2019-16649
Disclosure Date: September 21, 2019 (last updated November 27, 2024)
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
0
Attacker Value
Unknown
CVE-2019-16650
Disclosure Date: September 21, 2019 (last updated November 27, 2024)
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.
0
Attacker Value
Unknown
CVE-2014-2955
Disclosure Date: July 14, 2014 (last updated October 05, 2023)
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
0
Attacker Value
Unknown
CVE-2012-2296
Disclosure Date: July 25, 2012 (last updated October 04, 2023)
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
0
Attacker Value
Unknown
CVE-2010-2341
Disclosure Date: June 18, 2010 (last updated October 04, 2023)
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
0