Lucene search
1734 matches found

Cvelist
added 2017/10/05 7:0 a.m. | 17 views

CVE-2017-12264

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

AI score: 5.4 | EPSS: 0.0096
Exploits: 0 | References: 3

Cisco
added 2017/10/04 4:0 p.m. | 44 views

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.0096
Exploits: 0 | References: 1

OSV
added 2017/10/04 1:29 a.m. | 2 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00337
Exploits: 0 | References: 4

Prion
added 2017/10/04 1:29 a.m. | 13 views

Design/Logic Flaw

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.00337
Exploits: 0 | References: 4 | Affected Software: 1

ATTACKERKB
added 2017/10/04 1:29 a.m. | 3 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS: 9.9 | AI score: 5.5 | EPSS: 0.00337
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2017/10/03 1:0 p.m. | 18 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

AI score: 9.4 | EPSS: 0.00337
Exploits: 0 | References: 4

CVE
added 2017/10/03 1:0 p.m. | 49 views

CVE-2017-12822

CVE-2017-12822 affects Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK prior to Sentinel LDK RTE 7.55. The NEAR-term root cause is an improper access control flaw that allows the administrative interface to be remotely enabled and disabled without authentication, potentially expanding the atta...

CVSS: 9.9 | AI score: 9.3 | EPSS: 0.00337
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2017/09/26 12:0 a.m. | 3 views

Multiple Vulnerabilities in Landesk Management Suite

Landesk Management Suite is a suite of IT system management solutions from LANDESK USA. The program supports software distribution, alarming and monitoring, remote management and control of desktops, servers and mobile devices. A remote file inclusion and cross-site request forgery vulnerability...

CVSS: 7.2 | AI score: 7 | EPSS: 0.03788
Exploits: 4 | References: 1

CNVD
added 2017/09/22 12:0 a.m. | 2 views

Mirasvit Helpdesk MX Cross-Site Scripting Vulnerability

Mirasvit Helpdesk MX is an extension support platform for the Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A cross-site scripting vulnerability exists in the administration interface of Mirasvit Helpdesk MX versions prior to 1.5.3. A...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.0015
Exploits: 1 | References: 1

CNVD
added 2017/09/22 12:0 a.m. | 2 views

TecnoVISION DLX Spot Player4 SQL Injection Vulnerability

TecnoVISION DLX Spot Player4 is a control management software for LED video walls from TecnoVISION Australia. A SQL injection vulnerability exists in the admin interface of TecnoVISION DLX Spot Player4 versions 1.5.10 and later. A remote attacker can exploit this vulnerability by using a speciall...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.0304
Exploits: 12 | References: 1

NVD
added 2017/09/21 4:29 p.m. | 9 views

CVE-2017-12930

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version 1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.0304
Exploits: 12 | References: 1

OSV
added 2017/09/21 4:29 p.m. | 3 views

CVE-2017-14321

Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.0015
Exploits: 1 | References: 1

CVE
added 2017/09/21 4:0 p.m. | 58 views

CVE-2017-12930

TecnoVISION DLX Spot Player4 (TecnoVISION DLX Spot) has an SQL Injection vulnerability in the admin interface for versions >1.5.10, enabling remote unauthenticated attackers to access the web interface as an administrator via a crafted password. Root cause: SQLi in the admin login. Impact: pot...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.0304
Exploits: 12 | References: 1 | Affected Software: 1

Cvelist
added 2017/09/19 3:0 p.m. | 25 views

CVE-2014-5362

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/smactionfrm.asp or (2) remote/frmcoremainfrm.aspx; or the (3) top parameter to...

AI score: 6.9 | EPSS: 0.03788
Exploits: 4 | References: 4

Packet Storm
added 2017/09/19 12:0 a.m. | 53 views

DlxSpot SQL Injection

Exploit Title: DlxSpot - Player4 LED video wall - Admin Interface SQL Injection Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...

AI score: 9.3 | EPSS: 0.03913
Exploits: 13

WPVulnDB
added 2017/09/02 12:0 a.m. | 14 views

SmokeSignal <= 1.2.6 - Authenticated Stored XSS

Plugin description: "This plugin allows you to communicate with other registered users of you wordpress blog/website/portal easily inside admin interface." Active installs according to https://wordpress.org/plugins/smokesignal/: 10 Messages aren't sanitized before they are displayed, so it's...

AI score: 2.8
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2017/09/01 12:0 a.m. | 1 view

ForgeRock OpenIDM Admin UI Cross-Site Scripting Vulnerability

ForgeRock OpenIDM is an extensible set of identity management tools for managing the identity lifecycle and provisioning issues from ForgeRock, Inc. The Admin UI is one of the backend management interfaces. ForgeRock OpenIDM Admin UI is vulnerable to a cross-site scripting vulnerability. A remote...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00267
Exploits: 1 | References: 1

CNVD
added 2017/08/22 12:0 a.m. | 2 views

Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00216
Exploits: 0 | References: 1

CNVD
added 2017/08/18 12:0 a.m. | 1 view

Cisco Prime Infrastructure HTML Injection Vulnerability (CNVD-2017-221614)

Cisco Prime Infrastructure (PI) is a set of Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies for wireless management. An HTML injection vulnerability exists in the administrative web interface in Cisco PI, which stems from the program failing...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 1

CNVD
added 2017/08/07 12:0 a.m. | 4 views

SLiMS SQL Injection Vulnerability

SLiMS 8 Akasia is an open source, free library management system. An SQL injection vulnerability exists in the admin/AJAXlookuphandler.php file, the admin/AJAXcheckid.php file, and the admin/AJAXvocabolarycontrol.php file in SLiMS 8 Akasia 8.3.1 and earlier versions. A remote attacker can exploit...

CVSS: 8.8 | AI score: 9.3 | EPSS: 0.00514
Exploits: 1 | References: 1