1073 matches found
CVE-2017-8176
Huawei IPTV STB versions earlier than IPTV STB V100R003C01LMYTa6SPC001 have an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view...
Polycom QDX 6000 Cross-Site Request Forgery Vulnerability
The Polycom QDX 6000 is a video conferencing endpoint device from Polycom, Inc. Web application interface is one of the Web application interfaces. A cross-site request forgery vulnerability exists in the web application interface in Polycom QDX 6000 devices. A remote attacker could use this...
Default credentials
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling futur...
Cross site request forgery (csrf)
A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the...
CVE-2017-14011
A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site request forgery. This may allow an attacker to execute unauthorized code, resulting in changes to the...
CVE-2017-14011
CVE-2017-14011 affects the ProMinent MultiFLEX M10a Controller web interface. The vulnerability is a Cross-Site Request Forgery arising from insufficient verification of requests in the application, which may allow an attacker to perform unauthorized actions and change the device configuration. A...
CVE-2017-14005
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling futur...
CVE-2017-10612
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious JavaScript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
CVE-2017-9273
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes...
Cisco Unified Communications Manager Elevation of Privilege Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An elevation of privilege...
Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...
CVE-2017-9489
The Comcast firmware on Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST devices allows configuration changes via CSRF...
CVE-2017-9490
The Comcast firmware on Arris TG1682G eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey devices allows configuration changes via CSRF...
Cross site request forgery (csrf)
The Comcast firmware on Arris TG1682G eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey devices allows configuration changes via CSRF...
Cross site request forgery (csrf)
The Comcast firmware on Cisco DPC3939B firmware version dpc3939b-v303r204217-150321a-CMCST devices allows configuration changes via CSRF...
CVE-2017-9490
CVE-2017-9490 concerns the Comcast firmware in Arris TG1682G (eMTA&DOCSIS 10.0.132.SIP.PC20.CT; TG1682_2.2p7s2_PROD_sey). The connected CNVD entry describes a Cross-Site Request Forgery (CSRF) vulnerability that enables a remote attacker to change device configuration via the firmware. The issue ...
CVE-2017-9490
The Comcast firmware on Arris TG1682G eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey devices allows configuration changes via CSRF...
Televes COAXDATA GATEWAY 1Gbps Device Unauthorized Operation Vulnerability
The Televes COAXDATA GATEWAY 1Gbps is a wireless router device from the Spanish company Televes. A security vulnerability exists in Televes COAXDATA GATEWAY 1Gbps devices that stems from a lack of access control for the backup/restore feature. An attacker could exploit the vulnerabili...
AWS Auditing & Hardening Tool: Zeus
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS hardening best practices. It checks security settings according to the profiles the user creates and, at the request of the user, changes them to the recommended settings based on the CIS AWS Benchmark. Identity and Access...