PT-2018-5635 · Moxa · Moxa EDR-810
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317. Description: A command injection issue exists in the web server functionality, allowing for privilege escalation to root shell. This can be triggered by injecting OS commands into the remoteNetmask0...
Cross-site request forgery (CSRF)
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows...
CVE-2018-10168
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows...
CVE-2018-10168
CVE-2018-10168 affects TP-Link EAP Controller and Omada Controller (v2.5.4_Windows and v2.6.0_Windows). Root causes include improper privilege management on the Web API (allowing a low-privilege user to perform admin actions), a hard-coded key used to encrypt the backup file enabling decryption/m...
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...
Ubiquiti Inc.: UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
In UniFi Video 3.10.0, due to the lack of CSRF protection, it is possible to abuse the Web API to change the server configuration without the user's consent; the attacker must lure an authenticated user into visiting an attacker-controlled page...
CVE-2018-7508
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized...
Cross-site scripting
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized...
Design/Logic Flaw
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account...
CVE-2018-7500
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account...
CVE-2018-7500
CVE-2018-7500 affects OSIsoft PI Web API (versions 2017 R2 and prior). The issue is that privileges may be escalated, allowing access to the PI System via the service account. CVSS information in NVD indicates high/critical impact (CS: high for confidentiality, integrity, availability; network vector;...
CVE-2018-7508
The CVE-2018-7508 entry pertains to a Cross-site Scripting vulnerability in OSIsoft PI Web API, affecting versions 2017 R2 and prior. The root cause is improper neutralization of input during web page generation, enabling XSS. The associated ICS/CISA advisory confirms the vulnerability is in PI W...
OSIsoft PI Web API Elevation of Privilege Vulnerability
The OSIsoft PI Web API is a product for accessing PI system data. An elevation of privilege vulnerability exists in OSIsoft PI Web API 2017 R2 and prior versions that could allow an attacker to access the PI System via a service account...
OSIsoft PI Web API
CVSS v3 9.3. ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft. Equipment: PI Web API. Vulnerabilities: Permissions, Privileges, and Access Controls; Cross-site Scripting. AFFECTED PRODUCTS: OSIsoft reports that the vulnerabilities affect the following PI Web API products: PI...
The vulnerability in the web interface of the Cisco Prime Home system allows a perpetrator to bypass the authentication process and perform arbitrary actions with administrator privileges.
The vulnerability in the Cisco Prime Home system’s web interface exists due to deficiencies in the authentication process related to role-based access control (RBAC) errors. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and perform arbitrary actions wit...
Ansible Tower Arbitrary Command Execution Vulnerability
Ansible is a computer system configuration manager from Ansible, Inc. that can be used to publish, manage, and orchestrate computer systems. Ansible Tower (a.k.a. Ansible UI) is one of the task control applications that provides a user interface (UI), dashboard, and REST API. An arbitrary command...