103 matches found
CVE-2023-25609
A server-side request forgery SSRF vulnerability CWE-918 in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests...
CVE-2022-43873
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847...
SUSE CVE-2016-5545
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: GUI. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...
CVE-2022-41205
SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...
CVE-2022-26121
An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via...
CVE-2022-35273
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
Voipmonitor 授权问题漏洞
VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. Has a commercial front-end for the SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux. Voipmonitor suffers from a security vulnerability that stems from an error check in cdr.php, a component of the...
CVE-2021-35031
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...
The vulnerability of the graphical interface of the Fortinet FortiManager device management software and the Fortinet FortiAnalyzer security event monitoring and analysis software allows a hacker to obtain a list of administrative users from other ADOMs and their configurations.
The vulnerability of the graphical interface of the Fortinet FortiManager device management center and the Fortinet FortiAnalyzer event monitoring and analysis tool is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely,...
CVE-2021-20843
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...
CVE-2021-20843
The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...
CVE-2020-12814
A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI...
Fortinet FortiOS 信任管理问题漏洞
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...
CVE-2021-29821
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Fortinet FortiPortal 跨站脚本漏洞
Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in the Fortinet FortiPortal GUI due to...
SAP GUI Input Validation Error Vulnerability
SAP GUI is a German SAP SAP company's application software. graphical user interface for the SAP system. An input validation error vulnerability exists in SAP GUI for Windows versions 7.60 and 7.70. The vulnerability stems from the program redirecting users to a specific malicious website, which...
@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)
dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: OSV:GHSA-CHWR-HF3W-C984...
Vulnerabilities fixed in Tivoli Netcool/OMNIbus
IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting XSS. This security vulnerability CVE-2021-20336 allows users insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially lead to the release of login credentials with...
Secomea GateManager Cross-Site Scripting Vulnerability
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. The vulnerability stems from improper input validation. An attacker can exploit the vulnerability to execute arbitrary javascript code...
Marvell QConvergeConsole 安全漏洞
Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability exists in the Marvell QConvergeConsole GUI version 5.5.0.74 and...