Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2019-16649

Disclosure Date: September 21, 2019 (last updated November 27, 2024)
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
Attacker Value
Unknown

CVE-2019-16650

Disclosure Date: September 21, 2019 (last updated November 27, 2024)
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.
Attacker Value
Unknown

CVE-2014-2955

Disclosure Date: July 14, 2014 (last updated October 05, 2023)
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
0
Attacker Value
Unknown

CVE-2012-2296

Disclosure Date: July 25, 2012 (last updated October 04, 2023)
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
0
Attacker Value
Unknown

CVE-2010-2341

Disclosure Date: June 18, 2010 (last updated October 04, 2023)
PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter.
0