Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-21588
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...
Cross site scripting
Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...
Cisco DCNM auth bypass
This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose. After that, you can login to the web interface with those credentials. The only necessary condition is the more or less recent connection of an admin as this exploit uses a kind of session stealing. Modu...
Gallagher Command Center Server Processing Logic Error Vulnerability
Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A Processing Logic Error vulnerability exists in Gallagher Command Centre Server that stems from incorrect coding or escaping in Gallagher Command Centre Server...
Siemens SINAMICS SL150 Input Validation Error Vulnerability
Siemens SINAMICS SL150 is an application program of Siemens, Germany. Cyclic frequency converter for high-torque slow-speed synchronous and induction motors. An input validation error vulnerability exists in the SINAMICS SL150, which can be exploited by an attacker to cause a denial-of-service...
CVE-2021-32930
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView versions prior to v5.7.03.6182...
Gallagher Command Centre Server Processing Logic Error Vulnerability
Gallagher Command Center Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A Processing Logic Error vulnerability exists in Gallagher Command Centre Server that stems from incorrect coding or escaping in Gallagher Command Centre Server...
Bosch IP cameras Access Control Error Vulnerability
Bosch IP cameras are network cameras from Bosch, Germany. A security vulnerability in Bosch IP cameras, which stems from a lack of authentication in a critical function of the cameras, allows an unauthenticated remote attacker to extract sensitive information or change camera settings by sending a crafte...
SUSE-SU-2021:1782-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists bsc1185925. - Don't u...
The vulnerability in the web interface of the programmatically defined Cisco SD-WAN messaging service allows a perpetrator to bypass authentication and alter the configuration of the target system.
The vulnerability of the Cisco SD-WAN program-defined messaging web interface is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass authentication and alter the configuration of the target system by sending specially crafted HTTP requests...
CVE-2020-27149
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed...
CVE-2021-1284
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...
PT-2021-2982 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to insufficient authorization checks in the web-based messaging service interface of Cisco SD-WAN vManage Software. This could allow an...
GravCMS Remote Command Execution
This module exploits arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...
SUSE-SU-2021:1472-1 Security update for ceph, deepsea
This update for ceph, deepsea fixes the following issues: - ceph was updated to 14.2.20-402-g6aa76c6815: CVE-2021-20288: Fixed unauthorized globalid reuse bsc1183074. CVE-2020-25678: Do not add sensitive information in Ceph log files bsc1178905. CVE-2020-27839: Use secure cookies to store JWT Tok...
Citrix Endpoint Management AutoDiscovery Service Migration FAQ
What Changed? On April 15th Citrix Legacy AutoDiscovery Service Records were migrated from ads.xm.cloud.com to discovery.cem.cloud.us What will we see on first Logon? 1. Citrix Active Discovery Service ADSUI→ shows no domain claimed After login will see no domains in ADS UI when they first logon. No...
CVE-2021-20716
Hidden functionality in multiple Buffalo network devices BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54...
Buffalo network devices Security Vulnerability
Buffalo firmware is a network device from Buffalo Japan. A security vulnerability exists in Buffalo network devices that could allow a remote attacker to open debugging options and execute arbitrary code or operating system commands to alter the configuration and cause a denial-of-service DoS...