Design/Logic Flaw
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access...
CVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access...
CVE-2019-10712
CVE-2019-10712 (WAGO 750-88x/750-87x): The issue is due to a vulnerability in the Web-GUI where undocumented service access exists, enabling use of hard-coded/default credentials to access web management interfaces. Affected devices include WAGO Series 750-88x (models such as 750-330, 750-352, 75...
CVE-2018-14683
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI...
Titan FTP Server 2019 Build 3505 Directory Traversal
Discovered By: Kevin Randall on 3/23/2019. A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file through PreviewHandler.ashx by using a ....\ technique, arbitrary files can be loaded in the...
Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion
Exploit Title: Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion Google Dork: N/A Date: 3/26/2019 Exploit Author: Kevin Randall Vendor Homepage: https://titanftp.com/ Software Link: https://titanftp.com/download Version: Firmware: Titan FTP Server Version 2019 Buil...
CVE-2018-19537
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
Default credentials
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...
CVE-2018-19537
CVE-2018-19537 affects TP-Link Archer C5 devices (V2_160201_US and earlier) and allows remote command execution via shell metacharacters in the wan_dyn_hostname line of a configuration file. The file is encrypted with the key 478DA50BF9E3D2CF and uploaded through the web GUI by using a web admin ...
BSA-2018-735
Security Advisory ID: BSA-2018-735. Component: Fabric OS WebGui. Revision: 1.0: Initial. A vulnerability in the Brocade webtools firmware update section of Brocade Fabric OS could allow remote authenticated attackers to execute arbitrary commands as the root user. Affected Products Brocade Fabric...
CVE-2018-16055
pfSense before 2.4.4 is affected by an authenticated command injection in status_interfaces.php (dhcp_relinquish_lease()). User input from POST parameters ifdescr and ipv is passed to a shell without escaping, allowing an authenticated WebGUI user with privileges on the page to execute commands a...
Authentication flaw
There are a few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.401.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genieping.htm or genieping2.htm or...
ADB Broadband Gateways Routers - Authorization Bypass
ADB Broadband Gateways Routers - Authorization Bypass. SEC Consult Vulnerability Lab Security Advisory. title: Authorization Bypass; product: All ADB Broadband Gateways / Routers based on Epicentro platform; vulnerable version:...
ADB Broadband Gateways / Routers - Authorization Bypass
SEC Consult Vulnerability Lab Security Advisory. title: Authorization Bypass; product: All ADB Broadband Gateways / Routers based on Epicentro platform; vulnerable version: Hardware: ADB P.RG AV4202N, DV2210, VV2220, VV5522, etc...
ADB Broadband Gateways / Routers - Authorization Bypass Vulnerability
Exploit for hardware platform in category web applications. title: Authorization Bypass; product: All ADB Broadband Gateways / Routers based on Epicentro platform; vulnerable version: Hardware: ADB P.RG AV4202N, DV2210, VV2220,...
Mquery - YARA Malware Query Accelerator (Web Frontend)
Ever had trouble searching for particular malware samples? This project is an analyst-friendly web GUI to look through your digital warehouse. mquery can be used to search through terabytes of malware in a blink of an eye: Thanks to the UrsaDB database, queries on large datasets can be extremely...
Security Bulletin: Multiple Security Vulnerabilities in Certain GUI Components of IBM Algo Credit Limits.
Summary Abstract: Multiple security vulnerabilities exist in certain GUI components of IBM Algo Credit Limits, namely ACLM Web GUI, PDS Blotter Web GUI, and ACLM Win GUI. Details of each vulnerability and the affected components are set out below. Vulnerability Details DESCRIPTION: Customers who...
SAP Web GUI Detection
Detection of SAP Web GUI. SAP Web GUI offers the equivalent functions as a SAP GUI Client over HTTP/S accessible through a browser. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...