Rockwellautomation Micrologix Unspecified Vulnerability
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...
CVE-2019-12679
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
CVE-2019-12685
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
WordPress Ocean Extra plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Ocean Extra is a plugin used to add extensions to the Ocean theme. An input validation error vulnerability exists in the...
CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)...
CVE-2019-11587
CVE-2019-11587 affects Atlassian Jira: exposed resources of the ViewLogging class allow CSRF, enabling remote modification of various settings. Impacted versions include Jira before 7.13.6, and 8.x before 8.2.3; specifically 8.3.0 before 8.3.2. The issue is triggered via CSRF without requiring au...
The ViewLogging class exposed various resources that were vulnerable to CSRF - CVE-2019-11587
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)...
WordPress WP Maintenance Mode Plugin Access Restriction Bypass Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. WP Maintenance Mode Plugin is a plugin for configuring a site maintenance page. WordPress WP Maintenanc...
CVE-2018-0682
Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors...
The administrative smart-commits resource was vulnerable to Cross-site request forgery (CSRF) - CVE-2018-13398
The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulnerability...
Hard-coded credential vulnerability in multiple Philips products
Philips PageWriter TC10 Cardiograph and others are different models of electrocardiograph equipment from Philips Netherlands. A security vulnerability exists in a number of Philips products that stems from the program's use of hard-coded credentials. An attacker in close physical proximity could...
Tenda Wireless N150 Router 5.07.50 Cross Site Request Forgery
Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router; Date: 2018-07-21; Exploit Author: Nathu Nandwani; Website: http://nandtech.co; CVE: CVE-2015-5996; Description: The router is vulnerable to a cross-site request forgery attack. If an administrator is...
SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite Security Vulnerability
SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite are applications with proactive malware defense capabilities from the Russian company SAFE'N'SEC. SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
Dokodemo eye Smart HD SCR02HD Unauthorized Access Vulnerability
Dokodemo eye Smart HD SCR02HD is a wireless monitor from NIPPON ANTENNA. An unauthorized access vulnerability exists in the Dokodemo eye Smart HD SCR02HD, which can be exploited by a remote attacker to view sensitive information and modify configuration...
Authentication flaw
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value...
CVE-2016-4503
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value...
CVE-2016-1191
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors...
Directory traversal
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors...