Sourceforge PhpGACL Cross-Site Scripting Vulnerability

Sourceforge PhpGACL is a pluggable Php, Mysql based platform used to provide access control for platforms organized by Sourceforge. A cross-site scripting vulnerability exists in phpGACL 3.3.7, which stems from a specially designed HTTP request that could lead to arbitrary JavaScript execution...

Micrium uC-HTTP Code Issue Vulnerability

Micrium uC-HTTP is a software from Micrium USA that provides TCP/IP functionality for devices. The software is designed for embedded applications with a compact, reliable, high-performance TCP/IP stack with dual support for IPv4 and IPv6. A code issue vulnerability exists in Micrium uC-HTTP versi...

Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

CVE-2021-1349 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management...

CVE-2021-1209

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVE-2021-1223

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this...

CVE-2021-1171 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVE-2021-1210 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

多款Cisco产品缓冲区错误漏洞

The Cisco RV110W is a Wireless-N VPN firewall, the Cisco RV130 is a multifunction VPN router, the Cisco RV130W is a Wireless-N multifunction VPN router, and the Cisco RV215W is a Wireless-N VPN router. A remote command execution and denial of service vulnerability exists in the Web management...

CVE-2020-15796

A vulnerability has been identified in SIMATIC ET 200SP Open Controller incl. SIPLUS variants V20.8, SIMATIC S7-1500 Software Controller V20.8. The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a...

CVE-2020-7535

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' Vulnerability Type vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions,...

IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2020-68253)

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. An attacker could exploit the vulnerability via a...

CVE-2020-25014

A stack-based buffer overflow in fbwificontinue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet...

Cisco Integrated Management Controller RCE (cisco-sa-ucs-api-rce-UXwpeDHd)

According to its self-reported version, Cisco Unified Computing System E-Series Software UCSE is affected by multiple remote code execution RCE vulnerabilities in the API subsystem due to improper boundary checks for certain user-supplied input. An unauthenticated, remote attacker can exploit...

CVE-2020-3586

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface...

CVE-2020-28579

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges...

CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution...

CVE-2020-3592 Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. A...

openwsman: Infinite loop in process_connection() allows denial of service

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server...

Moderate: varnish:6 security, bug fix, and enhancement update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. The following packages have been upgraded to a later upstream version: varnish 6.0.6. BZ1795673...