Lucene search
K

330 matches found

NVD
NVD
added 2022/10/12 12:15 a.m.24 views

CVE-2022-28866

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI R18 Firmware v4.13.00. It does not properly validate requests for access to or editing of data and functionality in all endpoints under /settings/ and /api/settings/. By not verifying the permissions for access to...

8.8CVSS0.00972EPSS
Exploits1References2
Prion
Prion
added 2022/10/12 12:15 a.m.19 views

Improper access control

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI R18 Firmware v4.13.00. It does not properly validate requests for access to or editing of data and functionality in all endpoints under /settings/ and /api/settings/. By not verifying the permissions for access to...

6.5CVSS8.4AI score0.00972EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.6 views

PT-2022-19270 · Nokia · Nokia Airframe Bmc Web Gui

Name of the Vulnerable Software and Affected Versions: Nokia AirFrame BMC Web GUI versions prior to R18 Firmware v4.13.00 Description: A security issue was found in the software, related to improper access control. It does not correctly validate requests to access or edit data and functionality i...

8.8CVSS8.4AI score0.00972EPSS
Exploits1References3
CVE
CVE
added 2022/10/11 12:0 a.m.413 views

CVE-2022-28866

The affected component is Nokia AirFrame BMC Web GUI (R18 firmware) prior to v4.13.00. The issue is improper access control in API endpoints under /#settings/* and /api/settings/*, where requests are not properly validated for permissions. This can allow an attacker to view pages with sensitive d...

8.8CVSS8.4AI score0.00972EPSS
Exploits1References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/25 8:45 p.m.18 views

Security Bulletin: TSM Client Web GUI Unauthorized Access Vulnerability (CVE-2013-0472)

Abstract An unauthorized access vulnerability exists in the IBM Tivoli Storage Manager TSM client Web GUI Content DESCRIPTION: A vulnerability in the TSM client Web GUI allows unauthorized access to the TSM server. CVEID: CVE-2013-0472 CVSS Base Score: 5.1 CVSS Temporal Score: See...

5.1CVSS5.6AI score0.00989EPSS
Exploits0Affected Software4
OSV
OSV
added 2022/06/17 1:15 p.m.3 views

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

9.8CVSS5.8AI score0.01089EPSS
Exploits1References2
NVD
NVD
added 2022/06/17 1:15 p.m.28 views

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

9.8CVSS0.01089EPSS
Exploits1References2
Prion
Prion
added 2022/06/17 1:15 p.m.16 views

Sql injection

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

7.5CVSS9.8AI score0.01089EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/17 10:9 a.m.32 views

CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...

10AI score0.01089EPSS
Exploits1References2
CVE
CVE
added 2022/06/17 10:9 a.m.65 views

CVE-2021-41408

CVE-2021-41408 concerns VoIPmonitor WEB GUI (up to 24.61). The vulnerability is a SQL injection through the api.php endpoint via the user parameter, caused by missing input filtering/escaping. Exploitation could allow an attacker to execute arbitrary SQL commands and access stolen data, as indica...

9.8CVSS9.8AI score0.01089EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/05/04 2:15 p.m.15 views

CVE-2022-25784

Cross-site Scripting XSS vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...

9.1CVSS0.0057EPSS
Exploits0References1
Prion
Prion
added 2022/05/04 2:15 p.m.24 views

Cross site scripting

Cross-site Scripting XSS vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...

3.5CVSS4.7AI score0.0057EPSS
Exploits0References1Affected Software9
Cvelist
Cvelist
added 2022/05/04 1:56 p.m.22 views

CVE-2022-25784 User controllable HTML element attribute (potential XSS)

Cross-site Scripting XSS vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...

9.1CVSS8.2AI score0.0057EPSS
Exploits0References1
CVE
CVE
added 2022/05/04 1:56 p.m.75 views

CVE-2022-25784

CVE-2022-25784: XSS in the Web GUI of Secomea SiteManager that lets a logged-in user inject scripts. Affected: SiteManager all versions prior to 9.7. Root cause described as a cross-site scripting vulnerability in the Web GUI; exploitation requires a logged-in user. The connected documents confir...

9.1CVSS5AI score0.0057EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/04/06 10:15 a.m.17 views

CVE-2021-24009

Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...

9CVSS0.01456EPSS
Exploits0References1
OSV
OSV
added 2022/04/06 10:15 a.m.2 views

CVE-2021-24009

Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...

8.8CVSS7.6AI score
Exploits0References1
Cvelist
Cvelist
added 2022/04/06 9:15 a.m.23 views

CVE-2021-24009

Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...

7.2CVSS9.2AI score0.01456EPSS
Exploits0References1
CVE
CVE
added 2022/04/06 9:15 a.m.80 views

CVE-2021-24009

CVE-2021-24009 affects Fortinet FortiWAN through its Web GUI. The issue is an OS command injection (CWE-78) caused by improper neutralization of special elements in HTTP requests, allowing an authenticated attacker to execute arbitrary commands on the underlying system shell. Impact is high, with...

9CVSS9.1AI score0.01456EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/06 9:15 a.m.11 views

CVE-2021-24009

Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...

7.2CVSS7.8AI score0.01456EPSS
Exploits0References1
Fortinet
Fortinet
added 2022/04/05 12:0 a.m.42 views

FortiWAN - Pervasive OS command injection

Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in FortiWAN Web GUI may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...

9CVSS9.1AI score0.01456EPSS
Exploits0Affected Software1
Rows per page
Query Builder