66 matches found
CVE-2019-18980
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. Th...
CVE-2018-7064
A reflected cross-site scripting XSS vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session...
Reprise License Manager Arbitrary File Read Vulnerability
Reprise License Manager RLM is a suite of license management software from Reprise, Inc. An arbitrary file read vulnerability exists in Reprise RLM 12.2BL2 and earlier versions, which stems from the fact that by default, the web interface on port 5054 does not require authentication. The...
CVE-2018-8016
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in...
CVE-2018-10544
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface...
CVE-2018-10544
CVE-2018-10544 affects Meross MSS110 devices, up to firmware version 1.1.24, which expose an unauthenticated administrative web interface (admin.htm). The connected CNVD/NVD entries confirm a straightforward unauthenticated access path to manage interfaces, with the CNVD noting the risk of inform...