
4423 matches found

OSV
added 2021/04/30 8:15 p.m. | 2 views

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...

6.5 CVSS | 6.6 AI score | 0.00888 EPSS
Exploits: 1 | References: 1

NVD
added 2021/04/28 3:15 p.m. | 13 views

CVE-2021-25147

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...

8.1 CVSS | 0.01257 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/04/28 2:15 p.m. | 16 views

CVE-2021-25147

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...

8.5 AI score | 0.01257 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/04/28 12:0 a.m. | 5 views

Aruba Networks AirWave Management Platform Authorization Issue Vulnerability

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting, and historical data reporting. A security vulnerability exists in Aruba AirWave Management Platform...

8.1 CVSS | 7.8 AI score | 0.01257 EPSS
Exploits: 0 | References: 2

OSV
added 2021/04/26 1:15 a.m. | 2 views

CVE-2021-20694

Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors...

8.8 CVSS | 6.6 AI score
Exploits: 0 | References: 2

OSV
added 2021/04/15 8:15 a.m. | 4 views

CVE-2020-7269

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

4.3 CVSS | 5.8 AI score | 0.00726 EPSS
Exploits: 0 | References: 1

Prion
added 2021/04/15 8:15 a.m. | 31 views

Design/Logic Flaw

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

4 CVSS | 4.2 AI score | 0.00821 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/15 8:5 a.m. | 16 views

CVE-2020-7270 Sensitive Information Exposure in McAfee ATD

Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense ATD prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deploy...

4.9 CVSS | 4.7 AI score | 0.00821 EPSS
Exploits: 0 | References: 1

CVE
added 2021/04/15 8:5 a.m. | 49 views

CVE-2020-7270

Summary: CVE-2020-7270 affects McAfee Advanced Threat Defense (ATD) web interface. In ATD versions prior to 4.12.2, remote authenticated users can view sensitive unencrypted information through a specially crafted HTTP request parameter, as described across multiple sources (NVD, CNVD, Red Hat, C...

4.9 CVSS | 4.3 AI score | 0.00821 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2021/04/12 3:15 p.m. | 2 views

CVE-2021-24024

A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files...

6.5 CVSS | 5.8 AI score | 0.00909 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/04/09 12:0 a.m. | 3 views

Zoom Chat Input Validation Error Vulnerability

Zoom Chat is an application from Zoom USA. It provides a chat feature. A security vulnerability exists in Zoom Chat through 2021-04-09 that allows certain remotely authenticated attackers to execute arbitrary code without user interaction...

9 CVSS | 8.4 AI score | 0.05837 EPSS
Exploits: 1 | References: 11

CNNVD
added 2021/03/18 12:0 a.m. | 5 views

MikroTik RouterOS Command Injection Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. A security vulnerability exists in MikroTik RouterOS version 6.47.9 that allows remote authenticated ftp users to...

8.5 CVSS | 5.9 AI score | 0.04494 EPSS
Exploits: 1 | References: 2

CNVD
added 2021/03/12 12:0 a.m. | 9 views

D-Link DIR-3060 Command Injection Vulnerability

The D-Link DIR-3060 is a router from China-based AUO D-Link. The D-Link DIR-3060 suffers from a command injection vulnerability that can be exploited by a remote authenticated user to inject arbitrary commands in the administrative or root environment...

9 CVSS | 7.4 AI score | 0.06009 EPSS
Exploits: 4 | References: 1

OSV
added 2021/03/11 5:15 p.m. | 3 views

CVE-2021-28144

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely...

8.8 CVSS | 7.5 AI score | 0.06009 EPSS
Exploits: 4 | References: 4

CNNVD
added 2021/03/11 12:0 a.m. | 8 views

D-Link DIR-3060 Command Injection Vulnerability

The D-Link DIR-3060 is a router from China-based AUO D-Link. The D-Link DIR-3060 suffers from a command injection vulnerability that can be exploited by a remote authenticated user to inject arbitrary commands in the administrative or root environment...

9 CVSS | 6 AI score | 0.06009 EPSS
Exploits: 4 | References: 6

NVD
added 2021/03/05 5:15 p.m. | 12 views

CVE-2021-26963

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could...

9 CVSS | 0.02887 EPSS
Exploits: 0 | References: 1

NVD
added 2021/03/05 5:15 p.m. | 14 views

CVE-2021-26970

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave web-based management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A...

6.5 CVSS | 0.01338 EPSS
Exploits: 0 | References: 1

Prion
added 2021/03/05 5:15 p.m. | 18 views

Authentication flaw

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and manageme...

5.5 CVSS | 7.1 AI score | 0.00959 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/03/05 4:15 p.m. | 15 views

CVE-2021-26962

A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could...

9 CVSS | 0.03119 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/03/05 4:6 p.m. | 20 views

CVE-2021-26964

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and manageme...

7.3 AI score | 0.00959 EPSS
Exploits: 0 | References: 1