
636 matches found

Vulnrichment
added 2019/01/23 10:0 p.m., 11 views

CVE-2018-15459 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01671
Exploits: 0 | References: 2
Prion
added 2019/01/09 2:29 p.m., 13 views

Input validation

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...

CVSS: 5 | AI score: 7.3 | EPSS: 0.02268
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/01/09 2:0 p.m., 22 views

CVE-2019-3581 McAfee Web Gateway denial of service attack due to Improper Input Validation

Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.02268
Exploits: 0 | References: 1
BDU FSTEC
added 2018/11/16 12:0 a.m., 5 views

A vulnerability in the web interface of D-Link router firmware allows an attacker to gain access to and read arbitrary files.

The vulnerability in the web interface of D-Link router firmware is caused by insufficient validation of the directory path. Exploiting this vulnerability can allow a remote attacker to gain access to and read arbitrary files using a specially crafted HTTP request...

CVSS: 8.6 | AI score: 7.9 | EPSS: 0.40137
Exploits: 8 | References: 4 | Affected Software: 8
NVD
added 2018/11/14 6:29 p.m., 16 views

CVE-2018-15709

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.21025
Exploits: 1 | References: 1
Prion
added 2018/11/14 6:29 p.m., 21 views

Cross-site request forgery (CSRF)

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request...

CVSS: 6.5 | AI score: 8.6 | EPSS: 0.21025
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2018/11/14 12:0 a.m., 28 views

Nagios XI RCE via Snoopy Library

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. Recent assessments: space-r7 at June 28, 2019 3:23pm UTC reported: If this vulnerability is found in the wild, then it’s likely that the target is vulnerable to...

CVSS: 9.8 | AI score: 2.2 | EPSS: 0.89362
Exploits: 10 | References: 3
Vulnrichment
added 2018/11/08 5:0 p.m., 10 views

CVE-2018-15394 Cisco Stealthwatch Management Console Authentication Bypass Vulnerability

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.04021
Exploits: 0 | References: 2
0day.today
added 2018/10/31 12:0 a.m., 62 views

RhinOS CMS 3.x - Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: RhinOS CMS 3.x - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: http://www.saltos.org/ Software Link: https://netix.dl.sourceforge.net/project/rhinos/archived/r1190/RhinOS-en-3.0-1190.win32.exe Version: 3....

AI score: 6.6 | EPSS: 0.02627
Exploits: 5
NVD
added 2018/10/23 9:31 p.m., 22 views

CVE-2018-7432

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.02268
Exploits: 0 | References: 1
Cvelist
added 2018/10/23 9:0 p.m., 24 views

CVE-2018-7432

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request...

AI score: 7.4 | EPSS: 0.02268
Exploits: 0 | References: 1
NVD
added 2018/10/22 7:29 p.m., 21 views

CVE-2018-15704

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp...

CVSS: 9 | AI score: 8.6 | EPSS: 0.21539
Exploits: 1 | References: 1
OSV
added 2018/10/22 7:29 p.m., 4 views

CVE-2018-15704

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.21539
Exploits: 1 | References: 1
Github Security Blog
added 2018/10/18 5:41 p.m., 21 views

OrientDB-Server vulnerable to Cross-Site Request Forgery

The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.01321
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2018/09/19 4:29 p.m., 1 view

CVE-2017-2878

An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.02077
Exploits: 2 | References: 1
Prion
added 2018/08/24 7:29 p.m., 12 views

Authentication flaw

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmwar...

CVSS: 5 | AI score: 7.6 | EPSS: 0.02334
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2018/06/21 11:29 a.m., 6 views

CVE-2018-0371

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.03228
Exploits: 0 | References: 3
NVD
added 2018/06/12 2:29 p.m., 23 views

CVE-2017-3960

Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00904
Exploits: 0 | References: 1
Prion
added 2018/06/07 6:29 p.m., 16 views

XXE

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...

CVSS: 4 | AI score: 6 | EPSS: 0.01279
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/06/07 6:29 p.m., 17 views

CVE-2018-6670

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter...

CVSS: 7.6 | AI score: 6.9 | EPSS: 0.01279
Exploits: 0 | References: 1