
253 matches found

OSV
added 2018/10/10 5:29 p.m. | 2 views

CVE-2018-13800

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 All versions V4.2.3. The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a...

CVSS 7.3 | AI score 5.7 | EPSS 0.00181
Exploits: 0 | References: 2

CNVD
added 2018/10/10 12:0 a.m. | 2 views

SIEMENS SIMATIC S7-1200 CPU Family Cross-Site Request Forgery Vulnerability

The SIEMENS SIMATIC S7-1200 CPU Family is designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage and the global chemical industry. A cross-site request forgery vulnerability exists in the SIEMENS SIMATIC S7-1200 CPU Family. This allows an...

CVSS 7.3 | AI score 7.3 | EPSS 0.00181
Exploits: 0 | References: 1

CNVD
added 2018/10/10 12:0 a.m. | 2 views

Cisco Firepower System Software Command Execution Vulnerability

Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. A privilege-granting and access-control vulnerability exists in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors, which ste...

CVSS 8.2 | AI score 8.1 | EPSS 0.00131
Exploits: 0 | References: 1

CNVD
added 2018/08/17 12:0 a.m. | 1 view

Authentication Bypass Vulnerability in Sunell Cameras

The Jing Yang Sunell camera is a camera produced by Shenzhen Jing Yang Technology Co. The Sunell camera has an authentication bypass vulnerability that can be exploited by attackers to add administrators, modify the configuration, and gain web administrator privileges...

AI score 7.3
Exploits: 0

CNVD
added 2018/07/04 12:0 a.m. | 2 views

Siemens SICLOCK TC Product Bypass Certification Vulnerability

The SICLOCK product line offers components for synchronizing plant and system time. An authentication bypass vulnerability exists in Siemens SICLOCK TC products. An attacker can read and modify the device configuration...

CVSS 9.8 | AI score 9.7 | EPSS 0.01609
Exploits: 0 | References: 1

NVD
added 2017/12/19 7:29 a.m. | 8 views

CVE-2017-17759

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service by deleting the configuration via a wc.dll?wwMaintEditConfig request which reaches an older version of a West Wind Web Connection HTTP service...

CVSS 10 | AI score 9.2 | EPSS 0.12548
Exploits: 3 | References: 2

Cvelist
added 2017/12/19 7:0 a.m. | 16 views

CVE-2017-17759

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service by deleting the configuration via a wc.dll?wwMaintEditConfig request which reaches an older version of a West Wind Web Connection HTTP service...

AI score 9.3 | EPSS 0.12548
Exploits: 3 | References: 2

CNVD
added 2017/06/02 12:0 a.m. | 1 view

Cross-Site Request Forgery Vulnerability in Multiple Moxa Products

Moxa OnCell G3110-HSPA and others are products of China's Moxa; OnCell G3110-HSPA is an industrial-grade IP gateway and OnCell 5104-HSPA is an industrial-grade cellular router. A cross-site request forgery vulnerability exists in multiple Moxa products that stems from a program failing...

CVSS 8.8 | AI score 7 | EPSS 0.00103
Exploits: 0 | References: 1

Cvelist
added 2017/01/06 10:0 p.m. | 15 views

CVE-2016-9869

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable...

AI score 5.3 | EPSS 0.0004
Exploits: 0 | References: 2

NVD
added 2016/10/28 10:59 a.m. | 14 views

CVE-2016-6397

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affect...

CVSS 10 | AI score 9.4 | EPSS 0.0102
Exploits: 0 | References: 2

Cvelist
added 2016/06/14 2:0 p.m. | 12 views

CVE-2016-5366

Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052...

AI score 7.8 | EPSS 0.00105
Exploits: 0 | References: 1

CNVD
added 2016/01/14 12:0 a.m. | 1 view

Cisco Wireless LAN Controller Unauthorized Access Vulnerability

The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An unauthorized access vulnerability exists in the Cisco Wireless LAN Controller (WLC) software that could be exploited by an...

CVSS 10 | AI score 7.1 | EPSS 0.01066
Exploits: 0 | References: 1

CNVD
added 2015/11/12 12:0 a.m. | 2 views

Cisco Connected Grid Network Management System Elevation of Privilege Vulnerability

Cisco Connected Grid Network Management System (CG-NMS) is an end-to-end smart grid management system from Cisco. A security vulnerability exists in the web GUI of Cisco CG-NMS versions 3.00.35 and 3.00.54. A remote attacker can exploit the vulnerability via the Monitor-Only role to bypass establish...

CVSS 4 | AI score 7 | EPSS 0.00111
Exploits: 0 | References: 1

RedHat Linux
added 2015/05/14 3:14 p.m. | 3 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

CVSS 3.6 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 4

CNVD
added 2015/04/09 12:0 a.m. | 2 views

McAfee Advanced Threat Defense Security Bypass Vulnerability

McAfee Advanced Threat Defense provides advanced threat defense that defends against advanced malware, including zero-day persistent threats and advanced persistent threats. McAfee Advanced Threat Defense has a security vulnerability that could allow a remotely authenticated attacker to bypass...

CVSS 5.5 | AI score 6.7 | EPSS 0.00152
Exploits: 0 | References: 1

CNVD
added 2015/02/28 12:0 a.m. | 1 view

PicketBox JBossSX Arbitrary File Execution Vulnerability

PicketBox is a Java security framework that provides developers with authentication, authorization, auditing and security mapping functions. An arbitrary file execution vulnerability exists in PicketBox JBossSX, which allows remote authenticated users to exploit the vulnerability to rea...

CVSS 3.6 | AI score 7.1 | EPSS 0.00207
Exploits: 0 | References: 1

RedHat Linux
added 2015/02/17 10:27 p.m. | 0 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

CVSS 3.6 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 4

Cvelist
added 2014/09/29 10:0 p.m. | 18 views

CVE-2013-3089

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 F7D7301v1 router allows remote attackers to hijack the authentication of administrators for requests that modify configuration...

AI score 7.1 | EPSS 0.00121
Exploits: 1 | References: 2

Tenable Nessus
added 2013/09/04 12:0 a.m. | 40 views

Amazon Linux AMI : postgresql9 (ALAS-2013-178)

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...

CVSS 8.5 | AI score 8.2 | EPSS 0.81124
Exploits: 4 | References: 4

Prion
added 2013/08/16 2:1 p.m. | 9 views

Design/Logic Flaw

Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804...

CVSS 4 | AI score 6.7 | EPSS 0.00193
Exploits: 0 | References: 3 | Affected Software: 1