481 matches found
CVE-2020-15046
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
CVE-2020-11490
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...
FreePBX < 15.0.16.27, 14.0.13.12 or 13.0.197.14 Authentication Bypass Vulnerability
FreePBX is prone to a remote admin authentication bypass vulnerability.
PT-2019-3020 · Cisco · Cisco Ucs Director Express For Big Data +2
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller (IMC) Supervisor (affected versions not specified); Cisco UCS Director (affected versions not specified); Cisco UCS Director Express for Big Data (affected versions not specified)...
CVE-2019-13584
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request...
CVE-2019-13585
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request...
Buffer overflow
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request...
RedwoodHQ Bypass Authentication Vulnerability
RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...
CVE-2018-19423
Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file...
TIBCO ActiveSpaces administrative daemon component cross-site request forgery vulnerability
TIBCO ActiveSpaces is a TIBCO solution for in-memory computing, in-memory data grids, and fault-tolerant datastores. The administrative daemon (tibdgadmind) is one of its daemon components. A cross-site request forgery vulnerability exists in the administrative daemon component in TIBCO ActiveSpaces. A...
CVE-2018-7778
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users...
Micro Focus Secure Messaging Gateway Web administration and quarantine component SQL injection vulnerability
Micro Focus Secure Messaging Gateway (SMG) is a suite of outbound and inbound protection software for enterprise networks and messaging systems from Micro Focus, UK. The product includes features such as virus protection, anti-spam, anti-DDoS attack protection, and image analysis. Web administration is one of...
CVE-2018-12464
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
Local File Inclusion vulnerability in Zenphoto
Overview: Zenphoto is a content management system (CMS). Zenphoto contains a Local File Inclusion vulnerability. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: Sensitive information may be obtained or...
PT-2018-1375 · Canon · Canon Lbp3370 +3
Name of the Vulnerable Software and Affected Versions: Canon LBP6650 versions; Canon LBP3370 versions; Canon LBP3460 versions; Canon LBP7750C versions. Description: The issue is related to a weakness in the authentication procedure of Canon printer software when using standard device settings. It...
CVE-2018-11018
An issue was discovered in PbootCMS v1.0.7. A cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html...
CVE-2018-1239
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unit...
Interspire Email Marketer Administrative Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer Software Link: Can't legally provide link but can be found on net...
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer...