21 matches found
CVE-2026-0397
When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged in to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
GHSA-879P-475X-RQH2 Caddy is vulnerable to cross-origin config application via local admin API /load
Commit: e0f8d9b2047af417d8faf354b675941f3dac9891 (as of 2026-02-04). Channel: GitHub security advisory (per SECURITY.md). Summary: The local Caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement ...
EUVD-2014-2221
Malware in sbrugna...
CVE-2025-3456
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol-specific encrypted secrets from the device running-config could then be used to obtain protoc...
PT-2025-34702 · Arista · Arista EOS
Name of the Vulnerable Software and Affected Versions: Arista EOS (affected versions not specified). Description: On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption...
Security vulnerability in multiple Anpviz products
Anpviz IPC is a series of network cameras from Anpviz. A security vulnerability exists in multiple Anpviz products that allows an unauthenticated attacker to download the device's running configuration from the /ConfigFile.ini or /config.xml URIs via an HTTP GET...
CVE-2024-20293
A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. Thi...
CVE-2023-24547
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config...
High Availability Synchronization on NetScaler Appliance
This article contains information about synchronization between appliances that are part of a high availability setup. Background: High availability synchronization is the process by which configurations are kept identical between the appliances. It is not the process that runs individual commands...
Cisco SPA100 Information Disclosure Vulnerability (CNVD-2019-36888)
The Cisco SPA100 Series is an analog phone adapter from Cisco that allows your standard analog phone to access Internet telephony services through an RJ-11 phone port. A vulnerability exists in the Web-based management interface of the Cisco SPA100 Series 1.4.1 SR3 and earlier versions that...
CVE-2019-15257
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An...
CVE-2018-15465 Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of...
PT-2018-2066 · Cisco · Cisco ASA
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged levels...
UBUNTU-CVE-2015-1027
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the...
ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass
The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...
PT-2014-4538 · Cisco · Cisco ASA
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified). Description: The issue allows remote authenticated users to read files by sending a crafted URL to the HTTP server, potentially accessing sensitive information suc...
Harris Stratex StarMAX subscriber station running config CSRF exploit