The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows an attacker to disclose sensitive information.
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager (DCNM) system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows an attacker to perform arbitrary actions on the vulnerable device.
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager (DCNM) system is related to the use of pre-installed registration data. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...
D-Link DIR-615 Elevation of Privilege Vulnerability
The D-Link DIR-615 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-615 suffers from an elevation of privilege vulnerability that stems from the program's failure to perform complete validation of file paths and error detection. An attacker can exploit the elevation of...
The vulnerability of Modicon microprogrammed control devices, related to a data processing error in the REST API, allows a perpetrator to trigger a service failure.
The vulnerability of Modicon microprogrammed control devices is related to a data processing error in the REST API. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...
CVE-2019-1869
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual platforms could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerabili...
Coremail Mail System Service Unauthorized Access Vulnerability
Coremail mail system is a large-scale enterprise mail system independently researched and developed by Lonker Technology Guangzhou Co., Ltd (hereinafter referred to as Lonker), which provides customers with overall technical solutions for e-mail and enterprise post office operation services. As the...
Coremail Mail System Service Interface Parameter Injection Vulnerability
Coremail mail system is a large-scale enterprise mail system independently researched and developed by Lonker Technology Guangzhou Co., Ltd (hereinafter referred to as Lonker), which provides customers with overall technical solutions for e-mail and enterprise post office operation services. As the...
CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user to access an attacker-controlled page...
CVE-2018-18561
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the...
CVE-2018-18562
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...
Design/Logic Flaw
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the...
CVE-2018-10627
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This...
Wireshark DOCSIS Protocol Parser Denial of Service Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. DOCSIS protocol dissector is one of the Limited Cable Data Service Interface protocol...
SQL Injection, Remote Command Execution Vulnerabilities Exist in Kinglion Technologies Call System
Jinlun Technology Call System is an intelligent telemarketing management system specially designed by Shenzhen Jinlun Communication Co. The Jinlun call system has SQL injection and remote command execution vulnerabilities, due to SOAP interface external entity injection and the use of Think php...
Katello: Authenticated sql injection via sort_by and sort_order request parameter
An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database...
The vulnerability of the Cisco ASA access control system allows an intruder to trigger a service failure.
The vulnerability of the REST interface of the Cisco ASA access control system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending numerous requests...
CVE-2015-0934
CVE-2015-0934 affects ShareLaTeX via CLSI before 0.1.3. The vulnerability arises from backtick characters in filenames, allowing remote authenticated users to execute arbitrary commands on the server (command injection). CLSI 0.1.3 fixes the issue and is included in ShareLaTeX 0.1.3; upgrade to t...
CVE-2014-3375
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597...