330 matches found
CVE-2022-28866
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI R18 Firmware v4.13.00. It does not properly validate requests for access to or editing of data and functionality in all endpoints under /settings/ and /api/settings/. By not verifying the permissions for access to...
Improper access control
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI R18 Firmware v4.13.00. It does not properly validate requests for access to or editing of data and functionality in all endpoints under /settings/ and /api/settings/. By not verifying the permissions for access to...
PT-2022-19270 · Nokia · Nokia Airframe Bmc Web Gui
Name of the Vulnerable Software and Affected Versions: Nokia AirFrame BMC Web GUI versions prior to R18 Firmware v4.13.00 Description: A security issue was found in the software, related to improper access control. It does not correctly validate requests to access or edit data and functionality i...
CVE-2022-28866
The affected component is Nokia AirFrame BMC Web GUI (R18 firmware) prior to v4.13.00. The issue is improper access control in API endpoints under /#settings/* and /api/settings/*, where requests are not properly validated for permissions. This can allow an attacker to view pages with sensitive d...
Security Bulletin: TSM Client Web GUI Unauthorized Access Vulnerability (CVE-2013-0472)
Abstract An unauthorized access vulnerability exists in the IBM Tivoli Storage Manager TSM client Web GUI Content DESCRIPTION: A vulnerability in the TSM client Web GUI allows unauthorized access to the TSM server. CVEID: CVE-2013-0472 CVSS Base Score: 5.1 CVSS Temporal Score: See...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
Sql injection
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
CVE-2021-41408
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter...
CVE-2021-41408
CVE-2021-41408 concerns VoIPmonitor WEB GUI (up to 24.61). The vulnerability is a SQL injection through the api.php endpoint via the user parameter, caused by missing input filtering/escaping. Exploitation could allow an attacker to execute arbitrary SQL commands and access stolen data, as indica...
CVE-2022-25784
Cross-site Scripting XSS vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...
Cross site scripting
Cross-site Scripting XSS vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...
CVE-2022-25784 User controllable HTML element attribute (potential XSS)
Cross-site Scripting XSS vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7...
CVE-2022-25784
CVE-2022-25784: XSS in the Web GUI of Secomea SiteManager that lets a logged-in user inject scripts. Affected: SiteManager all versions prior to 9.7. Root cause described as a cross-site scripting vulnerability in the Web GUI; exploitation requires a logged-in user. The connected documents confir...
CVE-2021-24009
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
CVE-2021-24009
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
CVE-2021-24009
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
CVE-2021-24009
CVE-2021-24009 affects Fortinet FortiWAN through its Web GUI. The issue is an OS command injection (CWE-78) caused by improper neutralization of special elements in HTTP requests, allowing an authenticated attacker to execute arbitrary commands on the underlying system shell. Impact is high, with...
CVE-2021-24009
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
FortiWAN - Pervasive OS command injection
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in FortiWAN Web GUI may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...