231 matches found
Netgate pfSense CE 跨站脚本漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...
CVE-2024-57273
CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...
PT-2025-21163 · Netgate · Pfsense Ce
Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...
CVE-2024-57273
Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...
Exploit for Relative Path Traversal in Fortinet Fortimanager
Fortimanager insufficient authorization checks CVE-2024-23666...
CVE-2024-50358
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by authenticated users by restoring a tampered...
CVE-2024-52321
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker...
CVE-2024-52321
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker...
CVE-2024-52321
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker...
CVE-2024-52321
CVE-2024-52321 affects SHARP routers via improper authentication in the configuration backup function, allowing a remote unauthenticated attacker to retrieve backup files containing sensitive information. Affected devices include home 5G HR02 (S5.82.00 and earlier), Wi‑Fi STATION SH-52B (S3.87.11...
PT-2024-35176 · Sharp · Sharp Routers
Name of the Vulnerable Software and Affected Versions: SHARP routers affected versions not specified Description: The issue is related to an improper authentication vulnerability in the configuration backup function of SHARP routers. This vulnerability allows a remote unauthenticated attacker to...
Multiple vulnerabilities in SHARP routers
Overview SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 - CVE-2024-45721 The hidden debug function is enabled CWE-489 - CVE-2024-46873 Buffer overflow vulnerability in the hidden debug function CWE-120 -...
CVE-2024-50358
CVE-2024-50358 affects Advantech EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3), and EKI-6333AC-1GPO ( 1.6.3 and EKI-6333AC-1GPO > 1.2.1. As a temporary measure, restrict access to the configuration backup restoration feature until patches are applied. Public details explicitly des...
CVE-2024-50358
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by authenticated users by restoring a tampered...
CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
CVE-2024-20280
CVE-2024-20280 affects Cisco UCS Central Software backup feature. The root cause is a weakness in the encryption method using a static key for backup configuration, allowing an attacker with access to a backup file to learn sensitive information stored in full state and configuration backups. Aff...
Cisco UCS Central Software Configuration Backup Information Disclosure Vulnerability
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
Cambium EPMP 1000 SNMP Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 SNMP Enumeration', 'Description' = % Cambium devices ePMP, PMP, Force, & others can be administered using SNMP. The device...
CVE-2024-21757
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker ...
CVE-2024-21757
CVE-2024-21757 affects Fortinet FortiManager and FortiAnalyzer. The issue enables an attacker to change admin passwords via a device configuration backup due to an unverified password change. Affected: FortiManager 7.0.0–7.0.10, 7.2.0–7.2.4, 7.4.0–7.4.1; FortiAnalyzer 7.0.0–7.0.10, 7.2.0–7.2.4, 7...