481 matches found
The vulnerability of the microprogrammed Ethernet module WISE-4060 and Adam-6050 D lies in the use of weak encryption algorithms, allowing attackers to gain full access to the device with administrator privileges.
The vulnerability of the microprogrammed Ethernet module WISE-4060 and Adam-6050 D lies in the use of weak encryption algorithms. Exploiting this vulnerability can allow an attacker operating remotely to gain full access to the device with administrator privileges...
CVE-2021-41547
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe...
Multiple NETGEAR Smart Switches Vulnerable to Input Validation Errors
GC108P and other smart switch products from Netgear, U.S.A. Several of Netgear's smart switches are vulnerable to an input validation error, which stems from a failure of the daemon to check for validation when an authentication TLV is missing from an incoming NSDP packet. An unauthenticated...
CVE-2021-40866
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the disabled by default /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8....
Authentication flaw
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the disabled by default /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8....
CVE-2021-40866
Summary (CVE-2021-40866): Netgear SmartSwitches (GC108P/GC108PP, GS108Tv3, GS110TPP/V3, GS110TUP, GS308T, GS310TP, GS710TUP, GS716TP/TPP, GS724TPP/v2, GS728TPPv2/v2, GS750E, GS752TPP/v2, MS510TXM/TXUP) are vulnerable to an unauthenticated remote password change via the disabled-by-default /sqf...
VulnCheck KEV: CVE-2014-2321
webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...
CVE-2021-33721
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this...
Red Hat Wildfly Access Control Error Vulnerability
Red Hat Wildfly is a lightweight JavaEE-based open source application server from Red Hat USA. An access control error vulnerability exists in WildFly Core that stems from improperly restricting access to Vault expressions. If a Vault expression takes the form of a single attribute containing...
LearningDigital Orca HCM digital learning platform Authorization Issue Vulnerability
LearningDigital Orca HCM digital learning platform is a digital learning platform from China's LearningDigital. The Orca HCM digital learning platform suffers from an authorization issue vulnerability, which stems from the lack of authentication on the administration page, which allows remote...
ASUS BMC Firmware Path Traversal Vulnerability
ASUS BMC Firmware is a firmware from Asus China. A path traversal vulnerability exists in the ASUS BMC Firmware Web management page, which stems from the Delete SOL video file function not filtering specific parameters. A remote attacker could use this vulnerability to gain administrator privileg...
Cisco Releases Security Patches for Critical Flaws Affecting its Products
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted...
RainbowFish PacsOne Server Access Control Error Vulnerability
RainbowFish PacsOne Server is an image archiving and communication system server from RainbowFish, which is used to save incoming images. An access control error vulnerability exists in RainbowFish PacsOne Server, which could be exploite...
CVE-2020-23014
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user sessions and/or add new users to the administration panel...
Cross site scripting
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user sessions and/or add new users to the administration panel...
CVE-2020-23014
CVE-2020-23014 affects APfell 1.4 with an authenticated reflected XSS in /apiui/command_ via payloadtypes_callback. The vulnerability can enable theft of admin/user sessions and addition of new users to the administration panel. Public sources in the connected Red Hat advisory reiterate the issue...
Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies
Cybersecurity researchers today took the wraps off an on-going cyber fraud operation led by hackers in Gaza, West Bank, and Egypt to compromise VoIP servers of more than 1,200 organizations across 60 countries over the past 12 months. According to findings published by Check Point Research, the...
CVE-2020-25078
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. Recent assessments: kevthehermit at March 04, 2021 12:03am UTC reported: Vulnerability The D-Link...