
784 matches found

NVD
added 2021/05/28 1:15 p.m. | 16 views

CVE-2020-1716

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...

9 CVSS | 0.01269 EPSS
Exploits: 1 | References: 1

NVD
added 2021/05/06 9:15 p.m. | 49 views

CVE-2021-29203

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands,...

10 CVSS | 0.68293 EPSS
Exploits: 1 | References: 2

NVD
added 2021/05/06 1:15 p.m. | 18 views

CVE-2021-1284

A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...

8.8 CVSS | 0.00441 EPSS
Exploits: 0 | References: 1

CVE
added 2021/05/06 12:50 p.m. | 69 views

CVE-2021-1284

CVE-2021-1284 describes an authentication bypass vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software. An unauthenticated, adjacent attacker can exploit crafted HTTP requests to bypass authentication/authorization and gain unauthenticated read and write acce...

8.8 CVSS | 9 AI score | 0.00441 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Veracode
added 2021/04/29 12:17 p.m. | 32 views

Authorization Bypass

ceph:edge is vulnerable to authorization bypass. ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks...

8 CVSS | 4.9 AI score | 0.00646 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2021/02/24 8:15 p.m. | 26 views

Cross site request forgery (csrf)

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker cou...

5.8 CVSS | 8.2 AI score | 0.00668 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

ICS
added 2021/02/23 12:00 a.m. | 57 views

Rockwell Automation FactoryTalk Services Platform

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Services Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability...

10 CVSS | 9.9 AI score | 0.04095 EPSS
Exploits: 0 | References: 5

NVD
added 2021/02/18 3:15 p.m. | 21 views

CVE-2019-18255

HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation...

5.5 CVSS | 0.00204 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2021/02/11 12:00 a.m. | 35 views

CVE-2021-22652

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Recent assessments: wvu-r7 at February 11, 2021 11:19pm UTC reported: The patch adds authenticatio...

9.8 CVSS | 0.3 AI score | 0.36845 EPSS
Exploits: 4 | References: 3

CNNVD
added 2021/02/11 12:00 a.m. | 4 views

Micro Focus SUSE CaaS Platform Security Vulnerability

A security vulnerability exists in SUSE CaaS Platform that stems from enabling a local attacker to leak a bootstrapToken or modify a configuration file before processing it, leading to arbitrary modifications to a computer/cluster...

4.4 CVSS | 5.9 AI score | 0.00241 EPSS
Exploits: 1 | References: 2

CNVD
added 2021/02/03 12:00 a.m. | 3 views

Unauthorized Access Vulnerability in ELYCN Recording and Broadcasting Platform of Zhejiang Dahua Technology Co. (CNVD-2021-15563)

DAHUA is a leading video-based intelligent IOT solution provider and operation service provider in the world. An unauthorized access vulnerability exists in the ELYCN recording and broadcasting platform of Zhejiang Dahua Technology Company Limited, which can be exploited by attackers to modify...

7 AI score
Exploits: 0

Exploit DB
added 2021/01/22 12:00 a.m. | 317 views

Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Remote Program Execution Date: 08.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version:...

7.4 AI score
Exploits: 0

NVD
added 2021/01/20 8:15 p.m. | 11 views

CVE-2021-1305

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

8.8 CVSS | 8.9 AI score | 0.01296 EPSS
Exploits: 0 | References: 1

Prion
added 2021/01/20 8:15 p.m. | 17 views

Authorization

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

6 CVSS | 8.7 AI score | 0.0196 EPSS
Exploits: 0 | References: 1

Prion
added 2021/01/20 8:15 p.m. | 19 views

Authorization

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

4 CVSS | 4.9 AI score | 0.01296 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/01/20 8:01 p.m. | 14 views

CVE-2021-1305 Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

8.8 CVSS | 9.1 AI score | 0.01296 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2021/01/20 8:01 p.m. | 11 views

CVE-2021-1305 Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

8.8 CVSS | 7 AI score | 0.01296 EPSS
Exploits: 0 | References: 1

CVE
added 2021/01/20 8:01 p.m. | 65 views

CVE-2021-1305

Cisco SD-WAN vManage Authorization Bypass vulnerabilities allow an authenticated, remote attacker to bypass authorization via the web-based management interface and access or view sensitive information. The issue stems from insufficient authorization checks in the vManage web UI, enabling potentia...

8.8 CVSS | 6.8 AI score | 0.01296 EPSS
Exploits: 0 | References: 1 | Affected Software: 3

Vulnrichment
added 2021/01/20 7:55 p.m. | 9 views

CVE-2021-1302 Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

8.8 CVSS | 7 AI score | 0.0196 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/01/20 7:55 p.m. | 23 views

CVE-2021-1304 Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

8.8 CVSS | 9.1 AI score | 0.01616 EPSS
Exploits: 0 | References: 1