478 matches found
Updated cacti packages fix CVE-2016-2313
Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...
openSUSE Security Update : cacti (openSUSE-2016-198)
cacti was updated to fix the following vulnerabilities : - CVE-2015-8369: SQL injection in graph.php boo958863 - CVE-2015-8604: SQL injection in graphsnew.php boo960678 - CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php boo958977 - CVE-2016-2313:...
X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...
Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication
OVERVIEW Independent researcher Aditya Sood has identified an insecure Java client web authentication vulnerability in the Clorius Controls A/S ISC SCADA server. Clorius Controls A/S has produced an update that mitigates this vulnerability. Aditya Sood has tested the update to validate that it...
Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability
Cisco Wireless LAN Controller contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service condition. Updates are available. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are...
Code injection
The wireless web-authentication subsystem on Cisco Wireless LAN Controller WLC devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service process crash and device restart via a crafted value, aka Bug ID CSCum03269...
CVE-2015-0723
The wireless web-authentication subsystem on Cisco Wireless LAN Controller WLC devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service process crash and device restart via a crafted value, aka Bug ID CSCum03269...
Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability
A vulnerability in the wireless web authentication subsystem of Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability exists due to improper input sanitization of a certain value that is supplied by a user...
Cisco Wireless LAN Controller WEB Authentication Denial of Service Vulnerability
The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A security vulnerability in the Cisco Wireless LAN Controller WEB authentication feature allows remote attackers ...
CVE-2015-0679
The web-authentication functionality on Cisco Wireless LAN Controller WLC devices 7.3103.8 and 7.4110.0 allows remote attackers to cause a denial of service device reload via a malformed password, aka Bug ID CSCui57980...
CVE-2015-0679
The CVE-2015-0679 vulnerability affects Cisco Wireless LAN Controller (WLC) devices running 7.3(103.8) and 7.4(110.0). The issue arises in the web authentication feature where ill-formed/malformed passwords are mishandled, enabling an unauthenticated, adjacent attacker to trigger a denial-of-serv...
Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability
A vulnerability in the web authentication feature of Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to the improper handling of ill-formed passwords by the web authentication feature used by...
Juniper Networks Junos OS Web Authentication XSS Vulnerability
XSS vulnerability in webauth SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if description...
Juniper Junos SRX Series Web Authentication XSS (JSA10640)
According to its self-reported version number, the remote Junos device is affected by a reflected cross site scripting vulnerability. An attacker can exploit this to steal sensitive information or session credentials from firewall users. Note that this issue only affects devices where Web...
Cross site scripting
Cross-site scripting XSS vulnerability in SRX Web Authentication webauth in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via...
CVE-2014-3821
The CVE-2014-3821 entry describes a Cross-site scripting (XSS) vulnerability in Juniper Junos SRX Web Authentication (webauth) across multiple releases (11.4 before 11.4R11; 12.1X44 before 12.1X44-D34; 12.1X45 before 12.1X45-D25; 12.1X46 before 12.1X46-D20; 12.1X47 before 12.1X47-D10). The issue ...
CVE-2014-3821
Cross-site scripting XSS vulnerability in SRX Web Authentication webauth in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via...
INSTEON Hub 2242-222 - Lack of Web and API Authentication
No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON http://www.INSTEON.com/ Product: Hub Version affected: 2242-222 model discontinued Product...
Real Networks GameHouse dldisplay ActiveX control 0 Port Buffer Overflow (1)
No description provided by source. source: http://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the corre...
Synology NAS / DiskStation Manager Detection (HTTP)
HTTP based detection of Synology NAS devices, DiskStation Manager DSM OS and application. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...