258 matches found
CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...
CVE-2013-2707
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...
CVE-2013-2640
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a...
CVE-2012-4021
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors...
CVE-2011-3997
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors...
Authentication flaw
Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors...
Opengear console servers vulnerable to authentication bypass
Overview: Opengear console servers contain an authentication bypass vulnerability. Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Tadayoshi Nakahira reported this vulnerability to IPA. JPCERT/CC...
Design/Logic Flaw
SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, use weak permissions, which allows remote authenticated users to modify files and settings via unspecified...
Samba Web Administration Tool vulnerable to cross-site request forgery
Overview: Samba Web Administration Tool (SWAT) contains a cross-site request forgery vulnerability. Samba Web Administration Tool (SWAT) allows for Samba configuration through a web interface. SWAT contains a cross-site request forgery vulnerability. SWAT is disabled in a default configuration of Samb...
Remote shield the telnet service of the ntlm authentication-bug warning-the black bar safety net
A lot of people who get file upload permissions and, later, administrator permissions want to start the remote telnet service, but run into nasty NTLM authentication; for this case, we very often upload files such as NTLM.exe and then execute them remotely on a timer, if at hand is no su...
CVE-2008-7173
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue ...
Design/Logic Flaw
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue ...
TeraStation HD-HTGL series cross-site request forgery vulnerability
Overview: TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have an administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgery (CSRF) vulnerability. Impact: If a TeraStation HD-HTGL administrator w...
Design/Logic Flaw
Unspecified vulnerability in GONICUS System Administration GOsa before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests...
CVE-2007-0313
Unspecified vulnerability in GONICUS System Administration GOsa before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests...