1738 matches found

CNVD
added 2017/10/18 12:0 a.m., 3 views

Unspecified Vulnerability in Oracle iPlanet Web Server (CNVD-2017-33734)

Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, providing middleware, software collections, etc. Oracle iPlanet Web Server is one of the Web servers designed specifically for medium and large enterpris...

CVSS: 6.1, AI score: 6.6, EPSS: 0.0144
Exploits: 0, References: 1

CNVD
added 2017/10/09 12:0 a.m., 3 views

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)

Cisco Meeting Server (CMS), formerly known as Acano Conferencing Server, is a set of audio and video conferencing server software from Cisco (United States of America). Web Admin Interface is one of its Web login interfaces. A denial of service vulnerability exists in the Web Admin Interfac...

CVSS: 5.3, AI score: 5.5, EPSS: 0.02197
Exploits: 0, References: 1

Prion
added 2017/10/05 7:29 a.m., 17 views

Design/Logic Flaw

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS: 5, AI score: 5.4, EPSS: 0.02197
Exploits: 0, References: 3

NVD
added 2017/10/05 7:29 a.m., 36 views

CVE-2017-12264

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS: 5.3, AI score: 5.4, EPSS: 0.02197
Exploits: 0, References: 3

Cvelist
added 2017/10/05 7:0 a.m., 18 views

CVE-2017-12264

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

AI score: 5.4, EPSS: 0.02197
Exploits: 0, References: 3

Cisco
added 2017/10/04 4:0 p.m., 50 views

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVSS: 5.3, AI score: 5.4, EPSS: 0.02197
Exploits: 0, References: 1

OSV
added 2017/10/04 1:29 a.m., 3 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS: 9.9, AI score: 5.8, EPSS: 0.01166
Exploits: 0, References: 4

Prion
added 2017/10/04 1:29 a.m., 15 views

Design/Logic Flaw

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS: 7.5, AI score: 9.3, EPSS: 0.01166
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2017/10/04 1:29 a.m., 3 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS: 9.9, AI score: 5.5, EPSS: 0.01166
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2017/10/03 1:0 p.m., 20 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

AI score: 9.4, EPSS: 0.01166
Exploits: 0, References: 4

CVE
added 2017/10/03 1:0 p.m., 51 views

CVE-2017-12822

CVE-2017-12822 affects Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK prior to Sentinel LDK RTE 7.55. The near-term root cause is an improper access control flaw that allows the administrative interface to be remotely enabled and disabled without authentication, potentially expanding the atta...

CVSS: 9.9, AI score: 9.3, EPSS: 0.01166
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2017/09/26 12:0 a.m., 3 views

Multiple Vulnerabilities in Landesk Management Suite

Landesk Management Suite is a suite of IT system management solutions from LANDESK USA. The program supports software distribution, alarming and monitoring, remote management and control of desktops, servers and mobile devices. A remote file inclusion and cross-site request forgery vulnerability...

CVSS: 7.2, AI score: 7, EPSS: 0.03162
Exploits: 4, References: 1

CNVD
added 2017/09/22 12:0 a.m., 2 views

TecnoVISION DLX Spot Player4 SQL Injection Vulnerability

TecnoVISION DLX Spot Player4 is a control management software for LED video walls from TecnoVISION Australia. A SQL injection vulnerability exists in the admin interface of TecnoVISION DLX Spot Player4 versions 1.5.10 and later. A remote attacker can exploit this vulnerability by using a speciall...

CVSS: 9.8, AI score: 8.1, EPSS: 0.03105
Exploits: 12, References: 1

CNVD
added 2017/09/22 12:0 a.m., 4 views

Mirasvit Helpdesk MX Cross-Site Scripting Vulnerability

Mirasvit Helpdesk MX is an extension support platform for the Magento e-commerce system from Mirasvit. The platform provides a variety of extension modules for Magento. A cross-site scripting vulnerability exists in the administration interface of Mirasvit Helpdesk MX versions prior to 1.5.3. A...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00603
Exploits: 1, References: 1

OSV
added 2017/09/21 4:29 p.m., 4 views

CVE-2017-14321

Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00603
Exploits: 1, References: 1

NVD
added 2017/09/21 4:29 p.m., 9 views

CVE-2017-12930

SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version 1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password...

CVSS: 9.8, AI score: 9.7, EPSS: 0.03105
Exploits: 12, References: 1

CVE
added 2017/09/21 4:0 p.m., 58 views

CVE-2017-12930

TecnoVISION DLX Spot Player4 (TecnoVISION DLX Spot) has an SQL Injection vulnerability in the admin interface for versions >1.5.10, enabling remote unauthenticated attackers to access the web interface as an administrator via a crafted password. Root cause: SQLi in the admin login. Impact: pot...

CVSS: 9.8, AI score: 9.5, EPSS: 0.03105
Exploits: 12, References: 1, Affected Software: 1

Cvelist
added 2017/09/19 3:0 p.m., 26 views

CVE-2014-5362

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/smactionfrm.asp or (2) remote/frmcoremainfrm.aspx; or the (3) top parameter to...

AI score: 6.9, EPSS: 0.03162
Exploits: 4, References: 4

Packet Storm
added 2017/09/19 12:0 a.m., 54 views

DlxSpot SQL Injection

Exploit Title: DlxSpot - Player4 LED video wall - Admin Interface SQL Injection Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/ Software Link: n/a Version: 1.5.10 Tested on:...

AI score: 9.3, EPSS: 0.10081
Exploits: 13

WPVulnDB
added 2017/09/02 12:0 a.m., 14 views

SmokeSignal <= 1.2.6 - Authenticated Stored XSS

Plugin description: "This plugin allows you to communicate with other registered users of you wordpress blog/website/portal easily inside admin interface." Active installs according to https://wordpress.org/plugins/smokesignal/: 10 Messages aren't sanitized before they are displayed, so it's...

AI score: 2.8
Exploits: 0, References: 1, Affected Software: 1