111 matches found
CVE-2020-29492
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station...
UniFi Video <= 3.9.3 Multiple Vulnerabilities
UniFi Video on Windows is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
CVE-2018-18877
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
Design/Logic Flaw
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
McAfee Web Gateway Configuration/Environment Manipulation Vulnerability
McAfee Web Gateway MWG is a security gateway product from McAfee USA. The product provides threat protection, application control, and data loss prevention. A configuration/environment manipulation vulnerability exists in the management interface in McAfee MWG version 7.8.1.x, which can be...
CVE-2018-6678
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway MWG MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors...
Design/Logic Flaw
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway MWG MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors...
CVE-2018-6678
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway MWG MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors...
CVE-2018-6678
CVE-2018-6678 affects McAfee Web Gateway (MWG) 7.8.1.x. The vulnerability exists in the administrative interface and allows authenticated administrator users to execute arbitrary commands via unspecified vectors (configuration/environment manipulation). Connected documents consistently describe M...
CVE-2018-6678 McAfee Web Gateway (MWG) - Configuration/Environment manipulation vulnerability
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway MWG MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors...
ADB Group Manipulation Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202N...
CVE-2018-12338
Undocumented Factory Backdoor in ECOS System Management Appliance aka SMA 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access...
CVE-2018-6223
A missing authentication for appliance registration vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to manipulate the registration process of the product to reset configuration parameters...
Asus Unauthenticated LAN Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE...
Master IP CAM 01 Vulnerabilities
Some time ago I analized this ipcam with my friend Dzonerzy: var serialNum="VVVIPCSBC150617Z-06929VjmJH54vkK"; var model="RTIPC"; var hardVersion="5900-gc1004"; var softVersion="V3.3.4.2103-S50-SBC-B20150721E"; var ipcname="WIFICAM"; var startdate="2017-8-5 0:0:2"; var runtimes="0 day, 0:54"; var...
Cisco IOS XE Smart Install Protocol Misuse (cisco-sr-20170214-smi)
The remote Cisco IOS XE device has the Smart Install Feature enabled. The Smart Install SMI protocol does not require authentication by design. The absence of an authorization or authentication mechanism in the SMI protocol between the integrated branch clients IBC and the director can allow a...
Innovaphone PBX Admin-GUI - Cross-Site Request Forgery
Title: Innovaphone PBX Admin-GUI CSRF Impact: High CVSS2 Score: 7.8 AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C Announced: August 21, 2014 Reporter: Rainer Giedat NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de Products: Innovaphone PBX Administration GUI Affected Versions: all known versions teste...
Innovaphone PBX Cross Site Request Forgery Vulnerability
Innovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface. Title: Innovaphone PBX Admin-GUI CSRF Impact: High CVSS2 Score: 7.8 AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C Announced: August 21, 2014 Reporter: Rainer Giedat NSIDE ATTACK LOGIC GmbH,...
SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot
SEC Consult Vulnerability Lab Security Advisory 20140307-0 ======================================================================= title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobile hotspot vulnerable version: Software version 21.344.11.00.414 fixed version...
openSUSE Security Update : NetworkManager-gnome (NetworkManager-gnome-563)
The NetworkManager configuration was too permissive and allowed any user to read secrets CVE-2009-0365 or manipulate the configuration of other users CVE-2009-0578. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...