>> CATEGORY: exploit

Lepide Auditor Suite suffers from a createdb() web console database injection remote code execution vulnerability.

LibTIFF suffers from a denial of service vulnerability in tif_dirwrite.c.

LibTIFF versions 4.0.8 and below suffer from a denial of service vulnerability in tif_jbig.c.

LibTIFF version 4.0.7 suffers from a _TIFFVGetField (tiffsplit) out-of-bounds read vulnerability.

Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads…

The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development…

The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.

Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.

Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.