CVE-2020-18326

Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...

CVE-2020-20741

Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020CB3011WEC7HPSv602TC31B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials ar...

CVE-2020-5890

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace...

CVE-2020-5659

SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2020-5580

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors...

CVE-2024-54188

Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access...

CVE-2020-16205

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5...

CVE-2014-2849

The Change Password dialog box changepassword in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request...

CVE-2013-3507

The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for 1 a configuration file, 2 a database dump, or 3 the Tomcat status context...

CVE-2013-1139

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134...

CVE-2013-0990

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors...

CVE-2017-9836

Cross-site scripting XSS vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtualname parameter to /admin.php i.e., creating a virtual album...

CVE-2011-1311

The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

CVE-2018-12692

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wpssetuppin parameter to /data/wps.setup.json...

CVE-2019-9085

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service invoice-creation outage via the nfile parameter to visualizzacontratto.php with invalid arguments any non-numeric value, as demonstrated by the anno=2019transazione=1№contratto=1file=a query string to...

CVE-2015-2048

Cross-site request forgery CSRF vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVE-2019-3958

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks via a crafted sales transaction...

CVE-2019-19650

Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function...

CVE-2019-17073

emlog through 6.0.0beta allows remote authenticated users to delete arbitrary files via admin/template.php?action=del=../ directory traversal...

CVE-2019-10657

Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request...