91 matches found
CVE-2024-40693
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing furth...
CVE-2025-20123
Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based...
CVE-2024-55514
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /uploadsfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions...
CVE-2024-23188
Maliciously crafted e-mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...
PT-2023-5856 · Supermicro · Supermicro X11SSE-F +1
Name of the Vulnerable Software and Affected Versions: Supermicro X11SSM-F version 1.66, Supermicro X11SAE-F version 1.66, Supermicro X11SSE-F version 1.66. Description: An issue exists in the web interface of Supermicro X11 series BMC IPMI servers due to inadequate protection of the web page...
CVE-2023-34237
SABnzbd (Usenet downloader) is affected by CVE-2023-34237 due to a design flaw in the Notification Script parameters that enables remote code execution with SABnzbd process privileges. Exploitation requires access to the web interface; remote access is possible if the instance is exposed to the i...
Cisco Smart Software Manager On-Prem SQL Injection Vulnerability
Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco component for Cisco product license management. Cisco Smart Software Manager On-Prem (SSM On-Prem) suffers from a SQL injection vulnerability that originates from the web-based management interface not adequately validating user input. An...
PT-2023-2828 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: The issue is related to multiple vulnerabilities in the Cisco Identity Services Engine (ISE) that could allow an authenticated attacker to delete or read arbitrary...
Default credentials
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...
CVE-2021-3660
Cockpit and its plugins do not seem to protect themselves against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...
Fortinet FortiPortal Denial of Service Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability in the web interface of Fortinet FortiPortal prior to 6.0.6 with...
IBM Cognos Analytics Cross-Site Scripting Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...
Grandstream GRP261x VoIP phone running firmware license issue vulnerability
The Grandstream GRP261x VoIP phone is an IP phone from Grandstream USA, a carrier-grade IP phone designed for large-scale deployments. A security vulnerability exists in the Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 that allows authentication bypass in its administration web...
Cisco Data Center Network Manager Reflective File Download Vulnerability
Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A reflective file download vulnerability exists in the Web management interface of...
EUVD-2021-6605
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2020-7116
The ClearPass Policy Manager WebUI administrative interface has an authenticated remote command execution vulnerability. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...
CVE-2014-9405
CVE-2014-9405 is an XSS in Freebox OS Web interface 3.0.2. The vulnerability is in the description field of a Download RSS item or Contacts, allowing injected script when a user views the feed or imported VCARD content. Root cause: insufficient input filtering in the web interface; impact describ...
TIBCO Security Advisory: October 8, 2019 - TIBCO MDM
TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities. Original release date: October 8, 2019. Last revised: ---. CVE-2019-11212. Source: TIBCO Software Inc. Systems...
CVE-2019-1822 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because t...
PT-2019-1583 · Cisco · Cisco DNA Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center versions prior to 1.2.5. Description: A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...