CVE-2023-49101

WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...

CVE-2023-49101

WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...

CVE-2023-49101

WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...

CVE-2023-49101

WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...

CVE-2023-49101

Axigen WebAdmin vulnerability CVE-2023-49101 is a cross-site scripting issue in the WebAdmin interface tied to mishandling the viewing of SSL certificate usage. Affected series include Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10. The root cause, as described a...

CVE-2023-49255

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated...

Default credentials

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated...

CVE-2023-49255 Router console accessible without authentication

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated...

Thai Auto Web 1.2 Missing Authentication

==================================================================================================================================== | Title : Thai Auto Web 1.2 Unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

SUSE CVE-2014-9403

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service NULL pointer dereference and crash by adding a channel with the same name as an existing channel but without the leading character, related to a...

Sophos SG UTM < 9.511 / 9.6 < 9.607 / 9.7 < 9.705 RCE (CVE-2020-25223)

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before 9.511 MR11, 9.6 before 9.607 MR7, and 9.7 before 9.705 MR5. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host as the root user. Note...

CVE-2022-3709

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA...

CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...

CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...

CVE-2022-3709

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA...

Cross site scripting

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA...

Code injection

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...

Sophos Firewall 代码注入漏洞

Sophos Firewall is a firewall from Sophos UK. A code injection vulnerability exists in versions prior to Sophos Firewall 19.5GA, which originates from an administrator being able to implement code execution in Webadmin via code injection...

PT-2022-23706 · Sophos · Sophos Firewall

Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA Description: A post-auth code injection issue allows admins to execute code in the Webadmin of Sophos Firewall. This issue does not specify the estimated number of potentially affected devices worldwi...

CVE-2022-3696

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA...