
1380 matches found

OSV
added 2021/04/20 4:15 p.m., 1 view

UBUNTU-CVE-2021-28156

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10...

CVSS 7.5, AI score 7, EPSS 0.02273
Exploits: 0, References: 6

Tenable Nessus
added 2021/04/15 12:0 a.m., 31 views

Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability (cisco-sa-cucm-selfcare-VRWWWHgE)

According to its self-reported version, the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) is affected by an authorization bypass vulnerability due to insufficient validation of user-supplied data...

CVSS 4.3, AI score 5.4, EPSS 0.00615
Exploits: 0, References: 3

Tenable Nessus
added 2021/04/12 12:0 a.m., 114 views

ManageEngine ServiceDesk Plus < 11.2 Build 11200 Unauthenticated Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...

CVSS 6.1, AI score 5.9, EPSS 0.93108
Exploits: 1, References: 2

Tenable Nessus
added 2021/04/12 12:0 a.m., 34 views

ManageEngine AssetExplorer < 6.8 Unauthenticated Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...

CVSS 6.1, AI score 5.9, EPSS 0.93108
Exploits: 1, References: 2

Cvelist
added 2021/04/09 5:50 p.m., 49 views

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host...

AI score 9.5, EPSS 0.83425
Exploits: 0, References: 1

ATTACKERKB
added 2021/04/09 12:0 a.m., 65 views

CVE-2021-20021

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. Recent assessments: wvu-r7 at April 28, 2021 11:04pm UTC reported: CVE-2021-20021 is being exploited in the wild to gain...

CVSS 9.8, AI score 9.4, EPSS 0.83425
In wild, Exploits: 0, References: 4

OSV
added 2021/04/08 4:15 a.m., 5 views

CVE-2021-1413

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These...

CVSS 6.3, AI score 6.9, EPSS 0.01612
Exploits: 1, References: 2

Vaadin
added 2021/03/29 12:0 a.m., 24 views

Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 (Vaadin 12.0.0 through 14.4.9), and 6.0.0 through 6.0.1 (Vaadin 19.0.0) allows an attacker to access application classes and resources on the server via crafted HTTP request. See CWE-402: Transmission of Private...

CVSS 8.6, AI score 0.9, EPSS 0.02382
Exploits: 0, References: 3, Affected Software: 2

CNNVD
added 2021/03/24 12:0 a.m., 3 views

Cisco IOS XE Software Input Validation Error Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A denial of service vulnerability exists in the web UI of Cisco IOS XE. The vulnerability stems from insufficient error handling in the web UI. An attacker can exploit this...

CVSS 4.3, AI score 6.2, EPSS 0.00944
Exploits: 0, References: 4

NVD
added 2021/03/10 6:15 p.m., 14 views

CVE-2020-19417

Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users such as the default account 'maint' to perform administrative tasks by sending specially crafted HTTP requests to the application...

CVSS 9, EPSS 0.02746
Exploits: 3, References: 1

OSV
added 2021/03/10 3:15 p.m., 19 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 4

BDU FSTEC
added 2021/02/25 12:0 a.m., 3 views

The vulnerability of the vSphere Client plugin for managing VMware vCenter Server allows an attacker to send requests on behalf of the targeted server.

The vulnerability of the vSphere Client plugin for managing VMware vCenter Server lies in insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to send requests on behalf of the targeted server by sending specially crafted HTTP requests...

CVSS 5.3, AI score 7.2, EPSS 0.88012
Exploits: 8, References: 5, Affected Software: 1

OSV
added 2021/02/10 8:15 p.m., 15 views

CVE-2020-13565

An open redirect vulnerability exists in the returnpage redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 commit babec93f600ff1394f91ccd512bcad85832eb6ce. A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide...

CVSS 6.1, AI score 6.8
Exploits: 0, References: 1

NVD
added 2021/02/04 5:15 p.m., 21 views

CVE-2021-1327

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 9, EPSS 0.02194
Exploits: 0, References: 1

OSV
added 2021/02/04 5:15 p.m., 4 views

CVE-2021-1322

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 7.2, AI score 7.4, EPSS 0.02194
Exploits: 0, References: 1

Cvelist
added 2021/02/04 4:56 p.m., 27 views

CVE-2021-1290 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP...

CVSS 9.8, AI score 9.9, EPSS 0.04236
Exploits: 0, References: 1

Vulnrichment
added 2021/02/04 4:41 p.m., 13 views

CVE-2021-1331 Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 7.2, AI score 7.9, EPSS 0.02753
Exploits: 0, References: 1

Vulnrichment
added 2021/02/04 4:41 p.m., 13 views

CVE-2021-1336 Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

CVSS 7.2, AI score 7.9, EPSS 0.02753
Exploits: 0, References: 1

RedHat Linux
added 2021/02/02 2:23 p.m., 4 views

shiro: specially crafted HTTP request may cause an authentication bypass

A flaw was found in Apache Shiro in versions prior to 1.6.0. A specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality...

CVSS 7.5, AI score 5.7, EPSS 0.48019
Exploits: 3, References: 4

OSV
added 2021/02/01 4:15 p.m., 21 views

CVE-2020-13564

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template aclid parameter...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 1