
774 matches found

CERT
added 2015/07/31 12:0 a.m. | 31 views

Chiyu Technology fingerprint access control contains multiple vulnerabilities

Overview: Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870 According to t...

CVSS 7.5 | AI score 5.8 | EPSS 0.00909
Exploits 0 | References 2

CERT
added 2015/07/07 12:0 a.m. | 24 views

Grandstream GXV3611_HD camera is vulnerable to SQL injection

Overview: The Grandstream GXV3611_HD is an IP network camera used for surveillance and security. The Grandstream GXV3611_HD is vulnerable to a SQL injection attack. Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2015-2866 The Grandstream...

CVSS 7.5 | AI score 7.5 | EPSS 0.03623
Exploits 2 | References 1

CVE
added 2015/03/21 1:0 a.m. | 53 views

CVE-2015-0669

Cisco IOS 15.4S and 15.4(3)S are affected by CVE-2015-0669 due to insufficient validation of Autonomic Networking (AN) messages in the Autonomic Networking Infrastructure (ANI). A remote, unauthenticated attacker can craft AN messages over an intranet to overwrite configuration settings, causing ...

CVSS 6.4 | AI score 6.8 | EPSS 0.0046
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2015/02/02 4:0 p.m. | 18 views

CVE-2015-1454

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software...

AI score 6.8 | EPSS 0.00174
Exploits 0 | References 2

Saint
added 2014/12/19 12:0 a.m. | 15 views

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014 | BID: 52483 | OSVDB: 80096. Background: Some Xerox Multifunction Printers (MFP) utilize Dynamic Loadable Modules (DLM) for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem: Multiple Xerox products are...

AI score 0.8
Exploits 0

Prion
added 2014/11/21 3:59 p.m. | 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users...

CVSS 6.8 | AI score 7.8 | EPSS 0.00206
Exploits 4 | References 3 | Affected Software 4

Prion
added 2014/11/20 1:55 p.m. | 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action...

CVSS 6.8 | AI score 8 | EPSS 0.00132
Exploits 1 | References 3

NVD
added 2014/09/29 10:55 p.m. | 12 views

CVE-2013-3089

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 F7D7301v1 router allows remote attackers to hijack the authentication of administrators for requests that modify configuration...

CVSS 6.8 | AI score 7.1 | EPSS 0.00121
Exploits 1 | References 2

NVD
added 2014/08/25 4:55 p.m. | 8 views

CVE-2014-5335

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted...

CVSS 6.8 | AI score 7.2 | EPSS 0.00585
Exploits 6 | References 1

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Zend Platform 2.2.1 PHP.INI File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' program that may be...

AI score 7.1
Exploits 0

Cvelist
added 2014/05/22 8:0 p.m. | 19 views

CVE-2014-2349 Emerson DeltaV Use of Improper Authorization

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program...

CVSS 6.2 | AI score 6.1 | EPSS 0.00107
Exploits 0 | References 1

NVD
added 2014/04/25 5:12 a.m. | 12 views

CVE-2014-0769

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 6.9 | EPSS 0.00558
Exploits 0 | References 2

Prion
added 2014/04/25 5:12 a.m. | 15 views

Authentication flaw

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 7.5 | EPSS 0.00558
Exploits 0 | References 1

CVE
added 2014/04/25 1:0 a.m. | 64 views

CVE-2014-0769

Vulnerability CVE-2014-0769 affects Festo CECX-X-C1 and CECX-X-M1 controllers (CoDeSys/SoftMotion). The issue is improper authentication (CWE-287): unauthenticated access to TCP ports 4000 (debug) and 4001 (log) allows remote attackers to modify configuration or delete log entries. Public advisor...

CVSS 9.3 | AI score 7.2 | EPSS 0.00558
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2014/04/25 1:0 a.m. | 15 views

CVE-2014-0769 Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 o...

CVSS 9.3 | AI score 6.9 | EPSS 0.00558
Exploits 0 | References 1

Amazon
added 2014/03/24 12:0 a.m. | 31 views

Important: 389-ds-base

Issue Overview: It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager...

CVSS 6.5 | AI score 7 | EPSS 0.0045
Exploits 2

Prion
added 2013/12/13 8:8 p.m. | 12 views

Authentication flaw

SAP Network Interface Router SAProuter 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors...

CVSS 5 | AI score 7.4 | EPSS 0.00218
Exploits 0 | References 4 | Affected Software 1

CVE
added 2013/12/13 7:0 p.m. | 45 views

CVE-2013-7093

CVE-2013-7093 affects SAP Network Interface Router (SAProuter) 39.3 SP4. The vulnerability allows remote attackers to bypass authentication and modify the SAProuter configuration via unspecified vectors. This is noted as a network-based issue with attack complexity low and no authentication requi...

CVSS 5 | AI score 7.2 | EPSS 0.00218
Exploits 0 | References 4 | Affected Software 1

OSV
added 2013/11/05 6:55 p.m. | 0 views

UBUNTU-CVE-2013-6172

steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...

CVSS 7.5 | AI score 7.6 | EPSS 0.01114
Exploits 0 | References 4

Tenable Nessus
added 2013/09/25 12:0 a.m. | 31 views

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)

The remote Cisco Wireless LAN Controller (WLC) is affected by one or more of the following vulnerabilities:
- Malformed HTTP or HTTPS authentication response Denial of Service (CVE-2009-1164)
- SSH connections Denial of Service (CVE-2009-1165)
- Crafted HTTP or HTTPS request Denial of Service...

CVSS 10 | AI score 5.6 | EPSS 0.00639
Exploits 0 | References 5