Exploitable Configuration Modification Vulnerability in ntpd Control Mode (Mode 6) Functionality

Network Time Protocol NTP is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. Synchronizing a computer's clock to UTC ensures that data interactions in a network can proceed smoothly.NTPD Network Time Protocol daemon is an operating...

Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability

Summary An exploitable configuration modification vulnerability exists in the control mode mode 6 functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...

CVE-2016-6397

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System IPICS Universal Media Services UMS could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affect...

Cisco IP Interoperability and Collaboration System Authentication Bypass Vulnerability

The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. An authentication bypass vulnerability exists in Cisco IP Interoperability and Collaboration System Universal Media Services, which coul...

CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...

CVE-2016-5366

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...

Design/Logic Flaw

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...

CVE-2016-2310

General Electric GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...

Linksys X2000 未登录路由配置任意修改漏洞

No description provided by source...

Cisco Small Business 500 Series Wireless Access Point Configuration Modification Vulnerability

A vulnerability in the web interface that is used to update the system time on Cisco Small Business 500 Series Wireless Access Point devices could allow an unauthenticated, remote attacker to impact the integrity of a system. The vulnerability is due to insufficient validation of user-controlled...

Design/Logic Flaw

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors...

CVE-2015-8482

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors...

Command injection

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...

CVE-2015-6362

The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...

Design/Logic Flaw

The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...

CVE-2015-6362

CVE-2015-6362 affects Cisco Connected Grid Network Management System (CG-NMS) web GUI in versions 3.0(0.35) and 3.0(0.54). The issue arises from insufficient authorization controls, allowing remote authenticated users in the Monitor-Only role to bypass restrictions and modify configuration. The r...

PHP Server Monitor Multiple CSRF Vulnerabilities

PHP Server Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpserver:monitor";...

PHP Server Monitor 3.1.1- Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt Vendor: ================================ www.phpservermonitor.org...

Udemy: Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification

1 Malicious attacker by visiting course page e.g. https://www.udemy.com/overview-of-big-data-hadoop/ and intercepting browser's generated requests can find one to the following URL:...

ZyXEL PMG5318-B20A Incorrect Authorization Vulnerability

ZyXEL PMG5318-B20A is a wireless switch product from Hopkins ZyXEL Technology. A security vulnerability exists in the ZyXEL PMG5318-B20A using firmware version V100AANC0b5. A remote attacker can exploit the vulnerability to modify the system configuration...