
784 matches found

OSV
added 2017/08/21 3:29 p.m. | 1 view

CVE-2017-7420

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 1
Prion
added 2017/08/17 8:29 p.m. | 14 views

Default configuration

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...

4 CVSS | 4.9 AI score | 0.01581 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2017/08/17 8:0 p.m. | 22 views

CVE-2017-6785

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...

4.9 AI score | 0.01581 EPSS
Exploits 0 | References 3
Cisco
added 2017/08/16 4:0 p.m. | 21 views

Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of prop...

4.3 CVSS | 4.8 AI score | 0.01581 EPSS
Exploits 0 | References 1
Prion
added 2017/04/19 2:59 p.m. | 18 views

Authentication flaw

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method...

2.1 CVSS | 6.8 AI score | 0.00364 EPSS
Exploits 0 | References 8 | Affected Software 5
CVE
added 2017/04/14 6:0 p.m. | 44 views

CVE-2017-7877

CVE-2017-7877 affects flatCore 1.4.6 and is a CSRF vulnerability that allows remote attackers to modify CMS configurations. Public descriptions across NVD/CNVD/OSV lists confirm CSRF as the issue; CVSS v3.0 base score 8.8 (HIGH) with network attack, low attack complexity, no authentication, and u...

8.8 CVSS | 8.6 AI score | 0.00906 EPSS
Exploits 1 | References 2 | Affected Software 1
Prion
added 2017/04/06 2:59 p.m. | 23 views

Command injection

F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature...

7.5 CVSS | 9.6 AI score | 0.03776 EPSS
Exploits 0 | References 1 | Affected Software 1
FreeBSD
added 2016/12/22 12:0 a.m. | 80 views

FreeBSD -- Multiple vulnerabilities of ntp

Problem Description: Multiple vulnerabilities have been discovered in the NTP suite: CVE-2016-9311: Trap crash, Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. Reported by Matthew Van Gundy of Cisco ASIG. CVE-2016-742...

7.5 CVSS | 0.6 AI score | 0.52935 EPSS
Exploits 12
OSV
added 2016/12/08 7:33 a.m. | 8 views

MGASA-2016-0414 Updated ntp packages fix security vulnerabilities

When ntpd is configured with rate limiting for all associations (restrict default limited in ntp.conf), the limits are applied also to responses received from its configured sources. An attacker who knows the sources (e.g., from an IPv4 refid in server response) and knows the system is misconfigured ...

7.5 CVSS | 5.8 AI score | 0.12367 EPSS
Exploits 2 | References 7
OpenVAS
added 2016/12/01 12:0 a.m. | 17 views

Cisco ATA 187 Analog Telephone Adapter Unauthorized Access Security Bypass Vulnerability (cisco-sa-20130206-ata187)

Cisco ATA-187 is prone to a security bypass vulnerability because it allows attackers to gain unauthorized access to the device. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

9 CVSS | 6.8 AI score | 0.01427 EPSS
Exploits 0 | References 2
CNVD
added 2016/11/23 12:0 a.m. | 1 view

Exploitable Configuration Modification Vulnerability in ntpd Control Mode (Mode 6) Functionality

Network Time Protocol (NTP) is a protocol used to synchronize a computer's time to its server or clock source (e.g., quartz clock, GPS, etc.). Synchronizing a computer's clock to UTC ensures that data interactions in a network can proceed smoothly. NTPD (Network Time Protocol daemon) is an operating...

6.5 CVSS | 6.5 AI score | 0.11162 EPSS
Exploits 1 | References 1
Talos
added 2016/11/21 12:0 a.m. | 66 views

Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability

Summary: An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...

7 AI score
Exploits 0
OSV
added 2016/10/28 10:59 a.m. | 4 views

CVE-2016-6397

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affect...

9.8 CVSS | 5.8 AI score | 0.02174 EPSS
Exploits 0 | References 2
CNVD
added 2016/10/27 12:0 a.m. | 2 views

Cisco IP Interoperability and Collaboration System Authentication Bypass Vulnerability

The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. An authentication bypass vulnerability exists in Cisco IP Interoperability and Collaboration System Universal Media Services, which coul...

10 CVSS | 7.1 AI score | 0.02174 EPSS
Exploits 0 | References 1
OSV
added 2016/10/03 4:9 p.m. | 2 views

CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...

9.8 CVSS | 6.1 AI score | 0.06422 EPSS
Exploits 0 | References 3
OSV
added 2016/06/14 2:59 p.m. | 2 views

CVE-2016-5366

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...

7.5 CVSS | 5.8 AI score | 0.00722 EPSS
Exploits 0 | References 1
Prion
added 2016/06/14 2:59 p.m. | 13 views

Design/Logic Flaw

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...

5 CVSS | 7.4 AI score | 0.00722 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2016/06/09 10:59 a.m. | 12 views

CVE-2016-2310

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...

10 CVSS | 9.5 AI score | 0.03219 EPSS
Exploits 0 | References 1
seebug.org
added 2016/05/09 12:0 a.m. | 19 views

Linksys X2000 Unauthenticated Arbitrary Router Configuration Modification Vulnerability

No description provided by source...

7.1 AI score
Exploits 0
Cisco
added 2016/02/16 2:0 p.m. | 21 views

Cisco Small Business 500 Series Wireless Access Point Configuration Modification Vulnerability

A vulnerability in the web interface that is used to update the system time on Cisco Small Business 500 Series Wireless Access Point devices could allow an unauthenticated, remote attacker to impact the integrity of a system. The vulnerability is due to insufficient validation of user-controlled...

5 CVSS | 5.4 AI score | 0.01293 EPSS
Exploits 0 | References 1