CVE-2019-25238

V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated...

CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2018-25149 Microhard Systems IPn4G 1.1.0 Cross-Site Request Forgery via Web Interface

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and...

Cisco Identity Services Engine 授权问题漏洞

Cisco Identity Services Engine Cisco ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. Cisco Identity Services Engine Cisco ISE...

PT-2024-3247 · Mitel · Mitel 6900 Series +2

Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series versions through 6.3 SP3 HF4 Mitel 6900 Series versions through 6.3 SP3 HF4 Mitel 6900w Series versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 Description: The issue is related to an authenticati...

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

CVE-2023-39286

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery CSRF attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...

CVE-2022-20214

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210...

Code injection

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210...

CVE-2022-20214

CVE-2022-20214 (Android) affects the Car Settings app on Android 10–12. The vulnerability is a tapjacking issue where an attacker can overlay the “Modify system settings” toggle, potentially allowing apps to modify system settings without user consent. The CVSS 3.1 base metrics indicate: Attack V...

PT-2023-12638 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 10 through 12 Description: The issue concerns a tapjacking attack vulnerability in the In Car Settings app, specifically with the toggle button in Modify system settings. This allows attackers to overlay the toggle button,...

AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting

Exploit Title: AUO Solar Data Recorder - Stored XSS Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...

CVE-2018-6020

In Silex SX-500 all versions and GE MobileLinkGEH-500 version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings...

Castle Rock Computing SNMPc Cross-Site Scripting Vulnerability

Castle Rock Computing SNMPc is a distributed network management system from Castle Rock Computing that provides proactive, real-time monitoring capabilities for the entire network infrastructure. A cross-site scripting vulnerability exists in versions of Castle Rock Computing SNMPc prior to...

Elevated administrator permissions:startup script method-vulnerability warning-the black bar safety net

We watched“my non-IF. S. T”summary elevated administrator privileges 8 of the law, and now we use the startup script and batch in to get the shell of the case under the elevated No. 9: startup script method! of! The first batch of leakage Ah, we can get optimistic, and I try to cut the crap,...