162 matches found
Aruba Networks ArubaOS 安全漏洞
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authentication information disclosure...
Ubuntu: Security Advisory (USN-4785-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site scripting
A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...
Improper access control
Improper access control vulnerability in Rakuten Casa version APFV141 or APFV200 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connect...
CVE-2022-28704
Improper access control vulnerability in Rakuten Casa version APFV141 or APFV200 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connect...
CVE-2022-23129
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...
Cross site scripting
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...
Design/Logic Flaw
Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...
CVE-2022-23127
Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...
Line Corporation Line Client For Ios 安全漏洞
Line Corporation Line Client For Ios is a communication application from Line Corporation, Japan. A security vulnerability exists in Line Client For Ios versions prior to 11.15.0, which can be exploited by an attacker to obtain service-specific authentication information in combination with a...
CVE-2021-36095
Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG OTRS Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions...
CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
Authentication flaw
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
Cisco Jabber 信息泄露漏洞
Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. Cisco Jabber has an information disclosure vulnerability that can be exploited by an attacker by sending a crafted XMPP message to the...
Cisco Jabber Input Validation Error Vulnerability
Cisco Jabber is the United States Cisco Cisco company's set of unified communications client solutions. The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an Input Validation Error vulnerability, which is caused by the software...
CVE-2020-27657
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
CVE-2020-6283
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...
CVE-2020-3498
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted...