330 matches found
CVE-2021-20843
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...
Cross site scripting
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...
CVE-2021-20844
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive...
CVE-2021-20843
CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...
CVE-2020-12814
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows an attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI...
Cross site scripting
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows an attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI...
SQL injection
Imagicle Application Suite for Cisco UC before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI...
Command injection
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting Vulnerability (CNVD-2021-57447)
IBM Tivoli Netcool/OMNIbus is a service level management (SLM) system that provides real-time, centralized monitoring of complex networks and IT domains. Web GUI is a web-based version of the application that displays event data from multiple data sources in a variety of graphical formats in...
IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting Vulnerability (CNVD-2021-57448)
IBM Tivoli Netcool/OMNIbus is a service level management (SLM) system that provides real-time, centralized monitoring of complex networks and IT domains. Web GUI is the web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats ...
IBM Tivoli Netcool/OMNIbus Web GUI Storage Based Cross-Site Scripting Vulnerability (CNVD-2022-05122)
IBM Tivoli Netcool/OMNIbus is a service-level management (SLM) system that provides real-time, centralized monitoring of complex networks and IT domains. Web GUI is a web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats in...
IBM Tivoli Netcool/OMNIbus Web GUI Storage Based Cross-Site Scripting Vulnerability
IBM Tivoli Netcool/OMNIbus is a service-level management (SLM) system that provides real-time, centralized monitoring of complex networks and IT domains. Web GUI is a web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats in...
QSAN SANOS Injection Vulnerability
QSAN SANOS is the SAN storage management operating system from QSAN China. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed into any infrastructure. An injection vulnerability exists in QSAN SANOS, which stems from the product's setting page not filtering user-entered...
QSAN SANOS and QSAN XEVO Command Injection Vulnerability
QSAN SANOS and QSAN XEVO are both products of QSAN China. QSAN SANOS is a SAN storage management operating system. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed to any infrastructure. QSAN XEVO is a flash data management system. It reduces repetitive tasks and provide...
Docker Dashboard Remote Command Execution
!/usr/bin/python -- coding: UTF-8 -- dockdash.py Docker Dashboard Remote Command Execution Exploit Jeremy Brown jbrown3264/gmail July 2021 "A simple web based GUI for managing Docker containers and images" Note: this app is NOT part of the official docker product, nor related to the Docker...