323 matches found
CVE-2022-36785
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains defaul...
PT-2022-23624 · D Link · D-Link G Integrated Access Device4
Name of the Vulnerable Software and Affected Versions: D-Link - G integrated Access Device4 affected versions not specified Description: The issue concerns information disclosure and authorization bypass. It involves a file containing a URL with a private IP address and default username value...
PT-2022-6962 · D Link · D-Link Dap-1325
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this issue. Th...
Citrix Provisioning Console communication error while running on Azure
The Citrix Provisioning Console fails to communicate with Azure after TLS 1.0 has been disabled. This prevents the use of CVAD Setup Wizard or power management in Azure using the Citrix Provisioning Console or Citrix Provisioning PowerShell interfaces. This affects all version of Citrix...
Stripo Inc: [SSRF] my.stripo.email via the setup-wizard parameter
A vulnerability in the setup wizard allowed SSRF. The issue has been resolved...
GHSA-R5X3-2446-HRP7 Race Condition in Jenkins
A race condition during Jenkins 2.81 through 2.94 inclusive; 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related...
CVE-2022-28782
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...
CVE-2022-28782
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...
CVE-2022-28782
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...
Improper access control
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...
CVE-2022-28782
CVE-2022-28782 concerns Samsung’s Contents To Window in the context of the SMR May-2022 Release 1. The issue is described as an improper access control that could allow a physical attacker to install a package before the Setup wizard finishes. The available remediation is a patch that blocks the ...
PT-2022-19230 · Unknown · Contents To Window
Name of the Vulnerable Software and Affected Versions: Contents To Window versions prior to SMR May-2022 Release 1 Description: The issue is related to improper access control, allowing a physical attacker to install a package before the completion of the Setup wizard. This can be exploited by a...
CVAD Setup Wizard Fails To Complete When Using Citrix Cloud - Index Was Out Of Range
Running the Provisioning Services CVAD Setup Wizard to create or add new machines to a Citrix Cloud catalog fails to create the devices. Upon clicking finish, after specifying wizard parameters, the wizard closes and the following error appears: Error: Index was out of range. Must be non-negative...
Improper access control
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated...
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard...
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard...
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard...
Input validation
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard...
Samsung Setup wizard process安全漏洞
The Samsung Setup wizard process is an installation setup wizard from Samsung South Korea. A security vulnerability exists in the Samsung Setup wizard process that stems from improper protection of alternate paths during the installation wizard process, allowing an attacker to install the securit...
CVE-2022-24932
The CVE-2022-24932 entry concerns Samsung Setup wizard: an Improper Protection of Alternate Path vulnerability in the Setup wizard process allows a physical attacker to install packages before the wizard completes. Affected versions are Setup wizard versions prior to SMR Mar-2022 Release 1. The u...