Lucene search
K

216 matches found

OSV
OSV
added 2022/04/06 7:15 p.m.3 views

CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

7.2CVSS7.6AI score0.03177EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.8 views

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a perpetrator to execute cross-site scripting (XSS) attacks.

The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software lies in the lack of measures to protect input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site...

6.4CVSS6.3AI score0.01233EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/12/01 12:0 a.m.6 views

The vulnerability in the web interface of the administrator’s VPN server for corporate networks, Pulse Connect Secure, allows a hacker to increase their privileges.

The vulnerability in the web interface of VPN gateways for corporate networks, Pulse Connect Secure, involves unlimited downloading of malicious files. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

7.2CVSS7.8AI score0.14146EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/10/31 7:15 p.m.18 views

Authentication flaw

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history...

5CVSS5.4AI score0.01718EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2021/10/25 12:0 a.m.15 views

SolarWinds Orion Platform has an unspecified vulnerability (CNVD-2021-101208)

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based views of the entire network...

6.4CVSS2.1AI score0.00817EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.8 views

SolarWinds Orion Platform 安全漏洞

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based views of the entire network...

6.4CVSS5.5AI score0.00817EPSS
Exploits0References5
Gitee
Gitee
added 2021/09/29 10:38 p.m.3 views

POC-EXP

It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept PoC code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...

8AI score
Exploits0
CNVD
CNVD
added 2021/09/02 12:0 a.m.18 views

SolarWinds Orion Platform has an unspecified vulnerability (CNVD-2021-101209)

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based views of the entire network. Code...

8.1CVSS2.4AI score0.02043EPSS
Exploits0
CNVD
CNVD
added 2021/09/02 12:0 a.m.40 views

Solarwinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2021-101211)

Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network, etc....

6.5CVSS0.8AI score0.01074EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/01 12:0 a.m.28 views

SolarWinds Orion Platform SQL Injection Vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...

9CVSS1.9AI score0.01642EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/15 12:0 a.m.1 views

PT-2021-3803 · Realtek · Realtek Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek Jungle SDK versions v2.x through v3.4.14B Description: The Realtek Jungle SDK provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist:...

10CVSS9.5AI score0.981EPSS
Exploits2References14
OSV
OSV
added 2021/08/10 7:15 p.m.4 views

CVE-2021-21600

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path...

6.5CVSS6.6AI score0.00832EPSS
Exploits0References1
OSV
OSV
added 2021/08/04 6:15 p.m.3 views

CVE-2021-1610

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service DoS condition Execute arbitrary commands For more...

8.8CVSS7.5AI score0.09065EPSS
Exploits0References1
OSV
OSV
added 2021/08/04 6:15 p.m.0 views

CVE-2021-1609

Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service DoS condition Execute arbitrary commands For more...

9.8CVSS7.3AI score0.09691EPSS
Exploits0References1
Prion
Prion
added 2021/04/29 3:15 p.m.20 views

Remote code execution

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution...

6.5CVSS9.3AI score0.08689EPSS
Exploits1References1Affected Software2
Prion
Prion
added 2021/04/29 3:15 p.m.32 views

Design/Logic Flaw

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor...

5CVSS8.4AI score0.0817EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/04/29 2:29 p.m.31 views

CVE-2021-20092

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor...

8.7AI score0.0817EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/04/29 12:0 a.m.35 views

CVE-2021-20090

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 could allow unauthenticated remote attackers to bypass authentication...

8.5AI score0.99983EPSS
Exploits5References3
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.6 views

The vulnerability in the web interface of the Cisco Unified Intelligence Center reporting software and the Cisco Unified Contact Center Express operator automation software allows a perpetrator to perform cross-site scripting attacks (XSS).

The vulnerability in the web interface of the Cisco Unified Intelligence Center reporting software and the Cisco Unified Contact Center Express operator automation software relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor...

6.4CVSS6AI score0.00823EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.5 views

The vulnerability in the web interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems allows a perpetrator to perform cross-site scripting (XSS) attacks.

The vulnerability in the web interface for managing Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, and Cisco Unity Connection systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor...

6.4CVSS6AI score0.00823EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder