48 matches found
MOXA TN-5900 Authorization Issue Vulnerability
MOXA TN-5900 is a series of industrial firewall routers from China MOXA. An authentication error vulnerability exists in the MOXA TN-5900 prior to version v3.3, which stems from insufficient authentication measures implemented in the Web API handler, and can be exploited by an attacker to cause a...
FortiWeb - Path traversal in API handler
A relative path traversal vulnerability (CWE-23) in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...
CVE-2021-21506
PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An unauthenticated user with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privilege escalation...
Input validation
PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An unauthenticated user with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privilege escalation...
CVE-2021-21506
CVE-2021-21506 affects Dell PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0. The issue is described as an improper input sanitization in the API handler. Exploitation requires an unauthenticated user with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges, potentially enabling privilege escalation....
FreePBX 2.11.0 - Remote Command Execution
#!/usr/bin/perl use strict; use warnings; use IO::Socket::INET; Exploit Title: FreePBX 2.9,2.10,2.11,12 Remote Command Execution Google Dork: n/a Date: 2/25/14 Exploit Author: @0x00string Vendor Homepage: http://www.freepbx.org/ Software Link: http://mirror.freepbx.org/freepbx-2.11.0.tar.gz Versio...
CVE-2014-1903
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args...
Code injection
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args...