216 matches found
CVE-2022-20755
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a perpetrator to execute cross-site scripting (XSS) attacks.
The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software lies in the lack of measures to protect input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site...
The vulnerability in the web interface of the administrator’s VPN server for corporate networks, Pulse Connect Secure, allows a hacker to increase their privileges.
The vulnerability in the web interface of VPN gateways for corporate networks, Pulse Connect Secure, involves unlimited downloading of malicious files. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
Authentication flaw
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history...
SolarWinds Orion Platform has an unspecified vulnerability (CNVD-2021-101208)
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based views of the entire network...
SolarWinds Orion Platform 安全漏洞
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based views of the entire network...
POC-EXP
It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept PoC code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...
SolarWinds Orion Platform has an unspecified vulnerability (CNVD-2021-101209)
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based views of the entire network. Code...
Solarwinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2021-101211)
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network, etc....
SolarWinds Orion Platform SQL Injection Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...
PT-2021-3803 · Realtek · Realtek Jungle Sdk
Name of the Vulnerable Software and Affected Versions: Realtek Jungle SDK versions v2.x through v3.4.14B Description: The Realtek Jungle SDK provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist:...
CVE-2021-21600
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path...
CVE-2021-1610
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service DoS condition Execute arbitrary commands For more...
CVE-2021-1609
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service DoS condition Execute arbitrary commands For more...
Remote code execution
The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution...
Design/Logic Flaw
The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor...
CVE-2021-20092
The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor...
CVE-2021-20090
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 could allow unauthenticated remote attackers to bypass authentication...
The vulnerability in the web interface of the Cisco Unified Intelligence Center reporting software and the Cisco Unified Contact Center Express operator automation software allows a perpetrator to perform cross-site scripting attacks (XSS).
The vulnerability in the web interface of the Cisco Unified Intelligence Center reporting software and the Cisco Unified Contact Center Express operator automation software relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor...
The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems allows a perpetrator to perform cross-site scripting (XSS) attacks.
The vulnerability in the web interface for managing Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor...