
784 matches found

Prion
added 2015/12/07 8:59 p.m., 16 views

Design/Logic Flaw

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors...

2.1 CVSS | 6.8 AI score | 0.00308 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2015/12/07 8:0 p.m., 26 views

CVE-2015-8482

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors...

6.3 AI score | 0.00308 EPSS
Exploits: 0 | References: 1

Prion
added 2015/11/25 4:59 a.m., 16 views

Command injection

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...

4.3 CVSS | 7.4 AI score | 0.01654 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2015/11/10 3:59 a.m., 15 views

CVE-2015-6362

The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...

4 CVSS | 6.3 AI score | 0.01382 EPSS
Exploits: 0 | References: 2

Prion
added 2015/11/10 3:59 a.m., 15 views

Design/Logic Flaw

The web GUI in Cisco Connected Grid Network Management System CG-NMS 3.00.35 and 3.00.54 allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640...

4 CVSS | 6.8 AI score | 0.01382 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2015/11/10 2:0 a.m., 43 views

CVE-2015-6362

CVE-2015-6362 affects Cisco Connected Grid Network Management System (CG-NMS) web GUI in versions 3.0(0.35) and 3.0(0.54). The issue arises from insufficient authorization controls, allowing remote authenticated users in the Monitor-Only role to bypass restrictions and modify configuration. The r...

4 CVSS | 6.5 AI score | 0.01382 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2015/11/02 12:0 a.m., 24 views

PHP Server Monitor Multiple CSRF Vulnerabilities

PHP Server Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpserver:monitor";...

7.4 AI score
Exploits: 0 | References: 2

0day.today
added 2015/10/30 12:0 a.m., 22 views

PHP Server Monitor 3.1.1 - Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt Vendor: ================================ www.phpservermonitor.org...

7.1 AI score
Exploits: 0

Hacker One
added 2015/10/24 6:0 p.m., 52 views

Udemy: Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification

1 Malicious attacker by visiting course page e.g. https://www.udemy.com/overview-of-big-data-hadoop/ and intercepting browser's generated requests can find one to the following URL:...

6.2 AI score
Exploits: 0

CNVD
added 2015/10/23 12:0 a.m., 2 views

ZyXEL PMG5318-B20A Incorrect Authorization Vulnerability

ZyXEL PMG5318-B20A is a wireless switch product from Hopkins ZyXEL Technology. A security vulnerability exists in the ZyXEL PMG5318-B20A using firmware version V100AANC0b5. A remote attacker can exploit the vulnerability to modify the system configuration...

8.3 CVSS | 7 AI score | 0.02207 EPSS
Exploits: 0 | References: 1

CERT
added 2015/07/31 12:0 a.m., 33 views

Chiyu Technology fingerprint access control contains multiple vulnerabilities

Overview: Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Description: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-2870. According to t...

7.5 CVSS | 5.8 AI score | 0.01736 EPSS
Exploits: 0 | References: 2

CERT
added 2015/07/07 12:0 a.m., 25 views

Grandstream GXV3611_HD camera is vulnerable to SQL injection

Overview: The Grandstream GXV3611_HD is an IP network camera used for surveillance and security. The Grandstream GXV3611_HD is vulnerable to a SQL injection attack. Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2015-2866. The Grandstream...

7.5 CVSS | 7.5 AI score | 0.01561 EPSS
Exploits: 2 | References: 1

CVE
added 2015/03/21 1:0 a.m., 57 views

CVE-2015-0669

Cisco IOS 15.4S and 15.4(3)S are affected by CVE-2015-0669 due to insufficient validation of Autonomic Networking (AN) messages in the Autonomic Networking Infrastructure (ANI). A remote, unauthenticated attacker can craft AN messages over an intranet to overwrite configuration settings, causing ...

6.4 CVSS | 6.8 AI score | 0.01746 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/02/02 4:0 p.m., 28 views

CVE-2015-1454

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software...

6.8 AI score | 0.00698 EPSS
Exploits: 0 | References: 2

Saint
added 2014/12/19 12:0 a.m., 15 views

XEROX Multiple Product Unauthenticated Remote Firmware Injection Vulnerability

Added: 12/19/2014. BID: 52483. OSVDB: 80096. Background: Some Xerox Multifunction Printers (MFP) utilize Dynamic Loadable Modules (DLM) for patching, upgrading and cloning. The DLMs can be delivered to the printer via the Jet Direct printer service on TCP port 9100. Problem: Multiple Xerox products are...

0.8 AI score
Exploits: 0

Prion
added 2014/11/21 3:59 p.m., 15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users...

6.8 CVSS | 7.8 AI score | 0.00922 EPSS
Exploits: 4 | References: 3 | Affected Software: 4

Prion
added 2014/11/20 1:55 p.m., 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action...

6.8 CVSS | 8 AI score | 0.01062 EPSS
Exploits: 1 | References: 3

NVD
added 2014/09/29 10:55 p.m., 17 views

CVE-2013-3089

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 F7D7301v1 router allows remote attackers to hijack the authentication of administrators for requests that modify configuration...

6.8 CVSS | 7.1 AI score | 0.00612 EPSS
Exploits: 1 | References: 2

NVD
added 2014/08/25 4:55 p.m., 19 views

CVE-2014-5335

Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted...

6.8 CVSS | 7.2 AI score | 0.01224 EPSS
Exploits: 6 | References: 1

seebug.org
added 2014/07/01 12:0 a.m., 19 views

Zend Platform 2.2.1 PHP.INI File Modification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' program that may be...

7.1 AI score
Exploits: 0