
65 matches found

EUVD
added 6 days ago | 8 views

EUVD-2026-37876

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

CVSS 8.6 | AI score 5.3 | EPSS 0.00318
Exploits: 0 | References: 3
EUVD
added 6 days ago | 8 views

EUVD-2026-37875

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

CVSS 8.6 | AI score 5.8 | EPSS 0.00947
Exploits: 0 | References: 3
CVE
added 6 days ago | 17 views

CVE-2026-40455

Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...

CVSS 8.6 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-1637

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.10679
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 11 views

EUVD-2012-6247

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.04635
Exploits: 4 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-2193

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01223
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-2200

Malware in sbrugna...

CVSS 7.5 | AI score 6.3 | EPSS 0.03139
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-0607

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01792
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/22 11:25 a.m. | 5 views

CVE-2013-5482

Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823...

CVSS 4.3 | AI score 6.7 | EPSS 0.01169
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:14 a.m. | 13 views

CVE-2012-6392

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779...

CVSS 10 | AI score 8 | EPSS 0.04635
Exploits: 4 | References: 1
CNNVD
added 2024/04/17 12:00 a.m. | 4 views

Tenda AC500 Security Vulnerability

Tenda AC500 is a wireless controller device designed for small and medium-sized businesses, with support for managing wireless networks across VLANs. Tenda AC500 suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failin...

CVSS 3.8 | AI score 7.7 | EPSS 0.01028
Exploits: 1 | References: 2
BDU FSTEC
added 2023/10/17 12:00 a.m. | 3 views

The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises due to the failure to take measures to neutralize special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of Fortinet FortiWLM’s WLAN access point and LAN switch management systems exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a...

CVSS 10 | AI score 8.2 | EPSS 0.02108
Exploits: 0 | References: 3 | Affected Software: 1
ThreatPost
added 2019/01/18 5:30 p.m. | 34 views

Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network. Cisco Small Business Switches were developed for small offi...

CVSS 9.3 | AI score 1.1 | EPSS 0.49742
Exploits: 0 | References: 3
Prion
added 2018/09/13 6:29 p.m. | 14 views

Design/Logic Flaw

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lanmanage mac2...

CVSS 4 | AI score 6.5 | EPSS 0.0104
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2017/09/11 12:00 a.m. | 22 views

Cisco Prime LAN Management Solution Session Fixation Vulnerability

According to its self-reported version, the Cisco Prime LAN Management Solution (LMS) is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...

CVSS 6.5 | AI score 6.5 | EPSS 0.01961
Exploits: 0 | References: 3
CNVD
added 2017/09/08 12:00 a.m. | 2 views

Cisco Prime LAN Management Solution Session Fixation Vulnerability

Cisco Prime LAN Management Solution (LMS) is a LAN-based network management solution from Cisco. The solution can configure, manage, monitor and maintain the network. A session fixation vulnerability exists in the networking functionality in Cisco Prime LMS, which originates when a program reuses a...

CVSS 6.5 | AI score 6.7 | EPSS 0.01961
Exploits: 0 | References: 1
Prion
added 2017/09/07 9:29 p.m. | 15 views

Session fixation

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

CVSS 4.3 | AI score 6.4 | EPSS 0.01961
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2017/09/07 9:29 p.m. | 18 views

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

CVSS 6.5 | AI score 6.5 | EPSS 0.01961
Exploits: 0 | References: 3
Cvelist
added 2017/09/07 9:00 p.m. | 25 views

CVE-2017-12225

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as pa...

AI score 6.5 | EPSS 0.01961
Exploits: 0 | References: 3
CVE
added 2017/09/07 9:00 p.m. | 49 views

CVE-2017-12225

CVE-2017-12225 affects Cisco Prime LAN Management Solution (LMS) session handling. The issue arises from reusing a preauthentication session token in the postauthentication flow, allowing an authenticated remote attacker to hijack another user’s administrative session (Session Fixation). Affected...

CVSS 6.5 | AI score 6.4 | EPSS 0.01961
Exploits: 0 | References: 3 | Affected Software: 1