2912 matches found
Authorization
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme...
CVE-2016-8494
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme...
CVE-2016-8494
Fortinet Connect is affected. The issue stems from insufficient verification of uploaded files in the web UI, allowing a webui administrator to upload a new theme that enables arbitrary code execution on the system. The connected Fortinet advisory FG-IR-16-080 confirms the root access potential v...
Fortinet Connect admin able to gain root access
A webui administrator may create a new theme that performs arbitrary code execution on the system...
FortiOS Local Admin Password Hash Leak Vulnerability
A read-only administrator may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar very bugs in the WebUI exist and their support...
CVE-2015-7360
FortiSandbox WebUI prior to version 2.1 is vulnerable to multiple cross-site scripting (XSS) flaws. The flaws allow remote attackers to inject arbitrary script or HTML via: (1) the serial parameter in alerts/summary/profile/; (2) the urlForCreatingReport parameter in csearch/report/export/; (3) t...
Skydive - An Open Source Real-Time Network Topology and Protocols Analyzer
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology information and flows and forward them to a central agent for further analysis. Al...
Open Source Real Time Network Analyzer: skydive
Open Source Real Time Network Topology and Protocols Analyzer. Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology information and flow...
CVE-2016-3978
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."...
CVE-2016-3978
FortiOS Web UI (Fortinet) is affected by CVE-2016-3978. Affects FortiOS WebUI in 5.0.x prior to 5.0.13, 5.2.x prior to 5.2.3, and 5.4.x prior to 5.4.0. The flaw allows remote attackers to redirect users to arbitrary sites via the redirect parameter to login, enabling phishing or cross-site script...
Fortinet FortiOS Open Redirect / Cross Site Scripting
Description: The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to a cross site scripting. Public Fortinet...
Cisco APIC-EM WebUI Detection
Binary data ciscoapicwebuidetect.nbin...
HomeMatic WebUI Detection
The script sends an HTTP request to the server and attempts to extract the version from the reply. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Mageia: Security Advisory (MGASA-2015-0265)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome OS < 43.0.2357.125 Multiple Vulnerabilities
Binary data 8887.prm...
Google Chrome < 43.0.2357.130 Multiple Vulnerabilities
Binary data 8880.pasl...