10 matches found
CVE-2009-1797
Multiple cross-site request forgery CSRF vulnerabilities on the Network Management Card NMC on American Power Conversion APC Switched Rack PDU aka Rack Mount Power Distribution devices and other devices allow remote attackers to hijack the authentication of 1 administrator or 2 device users for...
The vulnerability of the APC Easy UPS Online Monitoring Software and Easy UPS Online Monitoring Software lies in the lack of authentication for a critical function, allowing attackers to execute arbitrary code.
The vulnerability of the APC Easy UPS Online Monitoring Software and Easy UPS Online Monitoring Software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the APC Easy UPS Online Monitoring Software lies in the lack of authentication for a critical function, allowing attackers to gain access to the software.
The vulnerability of the APC Easy UPS Online Monitoring Software relates to the absence of authentication for a critical function. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the software...
APC UPS Daemon Local Lift Vulnerability
Apcupsd APC UPS Daemon can be used for power management and control of most APC UPS models on Unix and Windows machines. APC UPS Daemon is vulnerable to a local privilege extraction vulnerability. It allows locally authenticated, unprivileged users to run arbitrary code with elevated privileges b...
CVE-2009-1798
Multiple cross-site scripting XSS vulnerabilities on the Network Management Card NMC on American Power Conversion APC Switched Rack PDU aka Rack Mount Power Distribution devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the...
CVE-2007-6226
The CVE-2007-6226 entry concerns the APC AP7932 0u 30A Switched Rack PDU. Affected components are the RPDU firmware 3.5.5 and AOS 3.5.6. The root cause is an authentication bypass that allows remote attackers to gain login access by initiating a login while another client is already logged in, th...
CVE-2005-4326
The web interface for American Power Conversion APC PowerChute Network Shutdown performs all communication in cleartext base64-encoded, which allows remote attackers to sniff authentication credentials...
CVE-2005-4326
The CVE-2005-4326 entry concerns APC PowerChute Network Shutdown’s web interface, where all communication is performed in cleartext (base64-encoded). This design allows remote attackers to sniff authentication credentials. Public references confirm the issue and the metric suggests a network-base...
CVE-2004-0311
American Power Conversion APC Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access...
CVE-2004-0311
CVE-2004-0311 affects APC Web/SNMP Management SmartSlot Card, specifically versions 3.0 through 3.0.3 and 3.21. The issue is a default password vulnerability: the device ships with the password TENmanUFactOryPOWER, allowing remote attackers to gain unauthorized access. Connected documents corrobo...