216 matches found
EUVD-2014-5218
Malware in sbrugna...
EUVD-2018-18801
Malware in sbrugna...
EUVD-2004-0671
Malware in sbrugna...
EUVD-2021-19970
Malware in sbrugna...
EUVD-2019-7864
Malware in sbrugna...
EUVD-2020-22045
Malware in sbrugna...
EUVD-2007-5514
Malware in sbrugna...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...
CVE-2025-47812
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service root or SYSTEM by default. This is thu...
The vulnerability of the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows attackers to compromise the integrity of protected information.
The vulnerability of the web interface of IBM OpenPages and IBM OpenPages with Watson relates to the lack of traceability in the trust chain during certificate verification. Exploitation of this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the...
The vulnerability in the web interface of the risk management platforms IBM OpenPages and IBM OpenPages with Watson allows a perpetrator to write or re-write any files as desired.
The vulnerability of the IBM OpenPages and IBM OpenPages with Watson web interfaces relates to incorrect restrictions on the path name to the restricted catalog. Exploitation of this vulnerability could allow a malicious actor to write to or re-write any files remotely...
The vulnerability in the web-based interfaces of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager allows a perpetrator to execute arbitrary commands.
The vulnerability of the Web interface for managing Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager systems relates to incorrect elimination of certain elements in the output data. Exploiting this vulnerability could allow a malicious actor to execute...
How to Create a Scan to Identify Remote Command Execution
This whitepaper covers how to create a scan in Perl to identify remote command execution in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid RCE problems at the code...
How to Create a Scan for Path Traversal
This whitepaper covers how to create a scan in Perl to identify path traversal in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid path traversal problems at the code...
CVE-2024-11667
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50W series firmware versions V5.10 through V5.38, and USG20W-VPN series firmware versions V5.10 through...
The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator (NSO) and ConfD software, which is used by the web-based management interfaces for Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN, allows a malicious actor to escalate their privileges.
The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator NSO and ConfD software, which is used by the Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN control web interfaces, is related to incorrect authentication checks in the API...
Vulnerability of web-based interfaces for microprogramming systems: Wi-Fi routers such as Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360 allow attackers to disclose protected information.
The vulnerability of the web-based management interfaces for Netis microprogramming systems, including Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360, is related to insufficient protection for sensitive data. Exploiting this...
Vulnerability of web-based interfaces for microprogramming software Wi-Fi routers such as Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360 allow attackers to increase their privileges
The vulnerability of the web-based management interfaces for Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360 lies in the reading of data beyond the permitted range in memory. Exploiting this vulnerability can allow an attacker to...
The vulnerability in the web interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows attackers to perform cross-site scripting attacks and gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to perform cross-site scripting...