Lucene search
K

478 matches found

Mageia
Mageia
added 2016/02/17 7:6 p.m.37 views

Updated cacti packages fix CVE-2016-2313

Updated cacti package fixes security vulnerability: Authentication using web authentication as a user not in the cacti database allows complete access CVE-2016-2313...

8.8CVSS3.7AI score0.02686EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/02/15 12:0 a.m.29 views

openSUSE Security Update : cacti (openSUSE-2016-198)

cacti was updated to fix the following vulnerabilities : - CVE-2015-8369: SQL injection in graph.php boo958863 - CVE-2015-8604: SQL injection in graphsnew.php boo960678 - CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php boo958977 - CVE-2016-2313:...

8.8CVSS7.9AI score0.02686EPSS
Exploits7References8
Hacker One
Hacker One
added 2016/02/02 4:44 p.m.31 views

X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP

Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...

7AI score
Exploits0
ICS
ICS
added 2015/10/16 6:0 a.m.54 views

Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication

OVERVIEW Independent researcher Aditya Sood has identified an insecure Java client web authentication vulnerability in the Clorius Controls A/S ISC SCADA server. Clorius Controls A/S has produced an update that mitigates this vulnerability. Aditya Sood has tested the update to validate that it...

10CVSS6.5AI score0.02595EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2015/09/23 12:0 a.m.24 views

Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability

Cisco Wireless LAN Controller contains a vulnerability that could allow an unauthenticated, adjacent attacker to cause a denial of service condition. Updates are available. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are...

6.1CVSS6.6AI score0.00821EPSS
Exploits0References1
Prion
Prion
added 2015/05/16 2:59 p.m.19 views

Code injection

The wireless web-authentication subsystem on Cisco Wireless LAN Controller WLC devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service process crash and device restart via a crafted value, aka Bug ID CSCum03269...

6.1CVSS7.2AI score0.00821EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/05/16 2:0 p.m.26 views

CVE-2015-0723

The wireless web-authentication subsystem on Cisco Wireless LAN Controller WLC devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service process crash and device restart via a crafted value, aka Bug ID CSCum03269...

6.6AI score0.00821EPSS
Exploits0References2
Cisco
Cisco
added 2015/05/08 4:32 p.m.26 views

Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability

A vulnerability in the wireless web authentication subsystem of Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability exists due to improper input sanitization of a certain value that is supplied by a user...

6.1CVSS6.4AI score0.00821EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/30 12:0 a.m.3 views

Cisco Wireless LAN Controller WEB Authentication Denial of Service Vulnerability

The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A security vulnerability in the Cisco Wireless LAN Controller WEB authentication feature allows remote attackers ...

6.1CVSS7.2AI score0.00629EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/03/28 1:0 a.m.29 views

CVE-2015-0679

The web-authentication functionality on Cisco Wireless LAN Controller WLC devices 7.3103.8 and 7.4110.0 allows remote attackers to cause a denial of service device reload via a malformed password, aka Bug ID CSCui57980...

6.7AI score0.00629EPSS
Exploits0References2
CVE
CVE
added 2015/03/28 1:0 a.m.55 views

CVE-2015-0679

The CVE-2015-0679 vulnerability affects Cisco Wireless LAN Controller (WLC) devices running 7.3(103.8) and 7.4(110.0). The issue arises in the web authentication feature where ill-formed/malformed passwords are mishandled, enabling an unauthenticated, adjacent attacker to trigger a denial-of-serv...

6.1CVSS6.9AI score0.00629EPSS
Exploits0References2Affected Software1
Cisco
Cisco
added 2015/03/26 8:6 p.m.27 views

Cisco Wireless LAN Controller Task Name aaaQueueReader Denial of Service Vulnerability

A vulnerability in the web authentication feature of Cisco Wireless LAN Controller WLC could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition. The vulnerability is due to the improper handling of ill-formed passwords by the web authentication feature used by...

5.7CVSS6.4AI score0.00629EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2014/07/31 12:0 a.m.29 views

Juniper Networks Junos OS Web Authentication XSS Vulnerability

XSS vulnerability in webauth SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if description...

4.3CVSS5.1AI score0.01192EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2014/07/15 12:0 a.m.34 views

Juniper Junos SRX Series Web Authentication XSS (JSA10640)

According to its self-reported version number, the remote Junos device is affected by a reflected cross site scripting vulnerability. An attacker can exploit this to steal sensitive information or session credentials from firewall users. Note that this issue only affects devices where Web...

4.3CVSS5AI score0.01192EPSS
Exploits1References2
Prion
Prion
added 2014/07/11 8:55 p.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in SRX Web Authentication webauth in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via...

4.3CVSS6.2AI score0.01192EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2014/07/11 8:0 p.m.52 views

CVE-2014-3821

The CVE-2014-3821 entry describes a Cross-site scripting (XSS) vulnerability in Juniper Junos SRX Web Authentication (webauth) across multiple releases (11.4 before 11.4R11; 12.1X44 before 12.1X44-D34; 12.1X45 before 12.1X45-D25; 12.1X46 before 12.1X46-D20; 12.1X47 before 12.1X47-D10). The issue ...

4.3CVSS5.8AI score0.01192EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/07/11 8:0 p.m.27 views

CVE-2014-3821

Cross-site scripting XSS vulnerability in SRX Web Authentication webauth in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via...

5.7AI score0.01192EPSS
Exploits1References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.55 views

INSTEON Hub 2242-222 - Lack of Web and API Authentication

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub Published: 8/01/13 Version: 1.0 Vendor: INSTEON http://www.INSTEON.com/ Product: Hub Version affected: 2242-222 model discontinued Product...

8.1AI score0.06973EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Real Networks GameHouse dldisplay ActiveX control 0 Port Buffer Overflow (1)

No description provided by source. source: http://www.securityfocus.com/bid/767/info At installation, the Real Server software randomly selects an unused port as the remote administration port. This port is used by Real Server's remote web administration feature. To access this feature, the corre...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/09/12 12:0 a.m.302 views

Synology NAS / DiskStation Manager Detection (HTTP)

HTTP based detection of Synology NAS devices, DiskStation Manager DSM OS and application. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.4AI score
Exploits0
Rows per page
Query Builder