89 matches found
PT-2024-21676 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers (affected versions not specified). Description: The issue allows an attacker to remotely compromise Toshiba printers by exploiting the admin web interface's file upload functionality. This can lead to the overwrite of insecure...
PT-2024-4348 · Inpas Soft · Inpas Soft Uniport Eslip
Name of the Vulnerable Software and Affected Versions: INPAS SOFT UniPORT Eslip (affected versions not specified). Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to gain access to the application's administrative web interface...
CVE-2023-7092
A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...
Cross-site request forgery (CSRF)
A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...
CVE-2023-7092 Uniway UW-302VP Admin Web Interface wlan_basic_set.cgi cross-site request forgery
A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /boaform/wlan_basic_set.cgi of the component Admin Web Interface. The manipulation of the argument wlanssid/password leads to cross-site request forgery. The...
CVE-2023-34999
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 5.7.6 and v6 6.5.0 that allows an attacker to perform arbitrary code execution via the admin web interface...
Command injection
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 5.7.6 and v6 6.5.0 that allows an attacker to perform arbitrary code execution via the admin web interface...
CVE-2023-34999
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 5.7.6 and v6 6.5.0 that allows an attacker to perform arbitrary code execution via the admin web interface...
CVE-2023-34999
A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 5.7.6 and v6 6.5.0 that allows an attacker to perform arbitrary code execution via the admin web interface...
PT-2022-23713 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.3. Description: The administrative web interface of WS FTP Server contains multiple reflected cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary JavaScript into a WS FTP...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-26494
CVE-2022-26494 describes an XSS in PrimeKey SignServer Admin Web: an attacker can inject JavaScript by placing code in a worker name prior to a Generate CSR request. Exploitation requires authentication (admin) and targets SignServer versions before 5.8.1. The vulnerability arises from handling t...
PT-2022-17900 · Primekey · Primekey Signserver
Name of the Vulnerable Software and Affected Versions: PrimeKey SignServer versions prior to 5.8.1. Description: A cross-site scripting (XSS) issue was identified in the Admin Web interface. This issue can be exploited by using JavaScript code in a worker name before a Generate CSR request. It is...
Pulse Connect Secure Code Injection Vulnerability
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface...
CVE-2021-43774
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users domain users, FTP users...
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands...
CVE-2021-34715
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...
Grandstream GRP261x VoIP phone access control error vulnerability
The Grandstream GRP261x VoIP phone is an IP phone from Grandstream USA, a carrier-grade IP phone designed for large-scale deployments. A security vulnerability exists in the Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 that allows authentication bypass in its administration web...
VulnCheck KEV: CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface...