636 matches found

Vulnrichment
added 2022/11/23 12:0 a.m., 7 views

CVE-2022-39833

FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...

AI score: 7.8, EPSS: 0.02619
Exploits: 1, References: 2
OSV
added 2022/11/22 1:15 a.m., 4 views

AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...

CVSS: 6.5, AI score: 7.3, EPSS: 0.01939
Exploits: 1, References: 1
ATTACKERKB
added 2022/11/14 8:15 a.m., 1 view

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVSS: 7.2, AI score: 7.2, EPSS: 0.01911
Exploits: 0, References: 4
Prion
added 2022/11/14 8:15 a.m., 13 views

Directory traversal

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVSS: 5.8, AI score: 6.9, EPSS: 0.01911
Exploits: 0, References: 3, Affected Software: 1
Check Point Advisories
added 2022/11/13 12:0 a.m., 5 views

Ruckus IoT Controller Web UI Authentication Bypass (CVE-2020-26879)

An authentication bypass vulnerability exists in Ruckus IoT Controller Web UI. The vulnerability is due to improper handling of a crafted HTTP request. A remote attacker could exploit the vulnerability by sending crafted HTTP requests to the target server...

CVSS: 10, AI score: 1.4, EPSS: 0.42479
Exploits: 1
Tenable Nessus
added 2022/11/07 12:0 a.m., 20 views

Cisco Email Security Appliance Information Disclosure (cisco-sa-cnt-sec-infodiscl-BVKKnUG)

According to its self-reported version, Cisco Email Security Appliance is affected by an information disclosure vulnerability that could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00891
Exploits: 0, References: 3
NVD
added 2022/11/04 6:15 p.m., 12 views

CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from...

CVSS: 6.5, EPSS: 0.00891
Exploits: 0, References: 1
NVD
added 2022/11/04 6:15 p.m., 20 views

CVE-2022-20868

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

CVSS: 8.8, EPSS: 0.00696
Exploits: 0, References: 1
Prion
added 2022/11/04 6:15 p.m., 21 views

Hardcoded credentials

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit thi...

CVSS: 6.5, AI score: 8.6, EPSS: 0.00696
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2022/11/03 7:26 p.m., 12 views

CVE-2022-20951

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An...

CVSS: 7.7, AI score: 6.9, EPSS: 0.01873
Exploits: 0, References: 1
Tenable Nessus
added 2022/11/03 12:0 a.m., 23 views

Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esasmawsa-vulns-YRuSW5mD)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. - an SQL injection vulnerability that could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. To exploit this vulnerability, an...

CVSS: 8.8, AI score: 7.5, EPSS: 0.0075
Exploits: 0, References: 4
Tenable Nessus
added 2022/11/03 12:0 a.m., 46 views

Cisco Secure Web Appliance Privilege Escalation (cisco-sa-esasmawsa-vulns-YRuSW5mD)

According to its self-reported version, Cisco Secure Web Appliance is affected by a privilege escalation vulnerability that could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the use of a hard-coded value to encrypt a token...

CVSS: 8.8, AI score: 8, EPSS: 0.00696
Exploits: 0, References: 3
Cisco
added 2022/11/02 4:0 p.m., 31 views

Cisco Identity Services Engine Insufficient Access Control Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected...

CVSS: 7.1, AI score: 8.7, EPSS: 0.01322
Exploits: 0, References: 1
BDU FSTEC
added 2022/10/28 12:0 a.m., 5 views

A vulnerability in FortiWeb web application firewalls, caused by writing data beyond a buffer in memory, allows attackers to execute arbitrary code.

The vulnerability in FortiWeb web application firewalls is caused by writing data beyond a buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTTP request...

CVSS: 10, AI score: 8.3, EPSS: 0.0122
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2022/10/26 2:0 p.m., 17 views

CVE-2022-20822 Cisco Identity Services Engine Unauthorized File Access Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

CVSS: 7.1, AI score: 6.7, EPSS: 0.0124
Exploits: 0, References: 2
Tenable Nessus
added 2022/10/26 12:0 a.m., 29 views

SUSE SLES15 Security Update : jdom (SUSE-SU-2022:3547-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3547-1 advisory. - CVE-2021-33813: Fixed XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request bsc1187446. Tenable has extracted t...

CVSS: 7.5, AI score: 6.8, EPSS: 0.19442
Exploits: 1, References: 4
Cisco
added 2022/10/19 4:0 p.m., 37 views

Cisco Identity Services Engine Unauthorized File Access Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to list, download, and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could explo...

CVSS: 7.1, AI score: 7.3, EPSS: 0.0124
Exploits: 0, References: 1
Cvelist
added 2022/10/18 12:0 a.m., 25 views

CVE-2022-41547

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request...

AI score: 7.5, EPSS: 0.012
Exploits: 1, References: 2
Vulnrichment
added 2022/10/15 12:0 a.m., 8 views

CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on t...

AI score: 9.8, EPSS: 0.02554
Exploits: 2, References: 2
Prion
added 2022/10/14 4:15 a.m., 16 views

Server-side request forgery (SSRF)

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

CVSS: 3.3, AI score: 5.2, EPSS: 0.00826
Exploits: 0, References: 1, Affected Software: 1