Lucene search
K

112 matches found

NVD
NVD
added 2022/12/06 4:15 p.m.18 views

CVE-2022-38123

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...

8.7CVSS0.00747EPSS
Exploits0References1
Prion
Prion
added 2022/12/06 4:15 p.m.15 views

Input validation

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...

5.8CVSS6.9AI score0.00747EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/12/06 3:58 p.m.23 views

CVE-2022-38123 Insufficient validation of plugin files

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...

8.7CVSS8.8AI score0.00747EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.5 views

PT-2022-24217 · Secomea · Secomea Gatemanager

Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions prior to 10.0 Description: The issue is related to improper input validation of plugin files in the Administrator Interface of Secomea GateManager, allowing a server administrator to inject code into the GateManag...

8.7CVSS6.9AI score0.00747EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.2 views

Secomea GateManager 输入验证错误漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secoema GateManager versions prior to 10.0, which stems from incorrect input validation of a plug-in file in the administrator interface allowing a server administrator to inject code...

8.7CVSS7.2AI score0.00747EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.4 views

Proofpoint Enterprise Protection 代码注入漏洞

Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A code injection vulnerability exists in Proofpoint Enterprise Protection PPS/PoD version 8.19.0 and prior versions, which stems from the administrator user interface containing a...

7.2CVSS7.1AI score0.01468EPSS
Exploits1References2
Prion
Prion
added 2022/11/04 12:15 p.m.18 views

Xxe

XML External Entity XXE vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported...

5.8CVSS6.7AI score0.00536EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/12/09 4:15 p.m.18 views

Cross site scripting

Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in a...

3.5CVSS4.5AI score0.00575EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/10/27 2:15 p.m.4 views

CVE-2021-41590

In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...

5.3CVSS5.8AI score0.00775EPSS
Exploits0References2
OSV
OSV
added 2021/10/27 2:15 p.m.5 views

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

7.2CVSS6.4AI score0.02635EPSS
Exploits0References2
CNVD
CNVD
added 2021/08/18 12:0 a.m.12 views

ProLink PRC2402M Information Disclosure Vulnerability (CVE-2021-36708)

ProLink PRC2402M is a router from ProLink Singapore. An information disclosure vulnerability exists in the setsysinit function in the login.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker can exploit this vulnerability to reset the password in the administrator interfac...

5CVSS2.8AI score0.01217EPSS
Exploits1Affected Software1
NVD
NVD
added 2021/08/16 7:15 p.m.28 views

CVE-2021-22937

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface...

7.2CVSS0.07828EPSS
Exploits1References1
Prion
Prion
added 2021/06/02 2:15 p.m.15 views

Design/Logic Flaw

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security DBSec prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...

2.7CVSS4.8AI score0.00204EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/05/19 7:15 p.m.4 views

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

7.5CVSS7.1AI score0.00638EPSS
Exploits0References2
CNVD
CNVD
added 2021/05/07 12:0 a.m.22 views

ASUS GT-AC2900 authorization issue vulnerability

ASUS GT-AC2900 is a router from ASUS China.A security vulnerability exists in versions prior to ASUS GT-AC2900 devices 3.0.0.4.386.42643, which allows the administrator application to allow bypass of authentication when handling remote input from unauthenticated users, which could be exploited by...

9.8CVSS5AI score0.99393EPSS
Exploits1References1
NVD
NVD
added 2021/05/06 3:15 p.m.16 views

CVE-2021-32030

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...

9.8CVSS0.99393EPSS
Exploits1References5
Prion
Prion
added 2021/05/06 3:15 p.m.12 views

Authentication flaw

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlerequest in router/httpd/httpd.c and authche...

7.5CVSS9.6AI score0.99393EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/05/06 2:54 p.m.24 views

CVE-2021-32030

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.438446630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handlereques...

9.9AI score0.99393EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/09/04 12:0 a.m.6 views

PT-2020-15878 · Tenda · Tenda Ac18 Router

Name of the Vulnerable Software and Affected Versions: Tenda AC18 Router versions through V15.03.05.05 EN Tenda AC18 Router versions through V15.03.05.196318 CN Description: The issue is related to incorrect authentication handling of the logincheck function in the /usr/lib/lua/ngx authserver/ngx...

9.8CVSS9.8AI score0.03104EPSS
Exploits0References4
Prion
Prion
added 2020/07/30 1:15 p.m.14 views

Path traversal

A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface...

4CVSS5AI score0.0228EPSS
Exploits0References1Affected Software4
Rows per page
Query Builder