524 matches found
CVE-2020-6641
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...
Cisco Unified Communications Manager SQL Injection Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable, and highly available enterprise IP telephony call processing solution. A SQL injection vulnerability...
CVE-2021-28828
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabri...
Invigo Automatic Device Management OS Command Injection Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...
CVE-2020-15830
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI...
CVE-2019-20028
CVE-2019-20028 affects NEC PBXes running InMail (all SV8100/SV9100/SL1100/SL2100 variants) where the WebPro administration interface allows unauthenticated read-only access to voicemails, greetings, and voice response system content. The root cause is an unauthenticated exposure via WebPro; impac...
CompleteFTP Professional 12.1.3 - Remote Code Execution
Exploit Title: CompleteFTP Professional 12.1.3 - Remote Code Execution Date: 2020-03-11 Exploit Author: 1F98D Original Author: Rhino Security Labs Vendor Homepage: https://enterprisedt.com/products/completeftp/ Version: CompleteFTP Professional Tested on: Windows 10 x64 CVE: CVE-2019-16116...
CVE-2018-6446
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...
Fedora: Security Advisory for glpi (FEDORA-2020-ee30e1109f)
The remote host is missing an update for the...
[SECURITY] Fedora 32 Update: glpi-9.4.6-1.fc32
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
[SECURITY] Fedora 31 Update: glpi-9.4.6-1.fc31
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...
Unisoon UltraLog Express SQL Injection Vulnerability
Unisoon UltraLog Express is a telephone recording system from Unisoon, Taiwan, China. A SQL injection vulnerability exists in the administration interface in Unisoon UltraLog Express. The vulnerability stems from the lack of validation of externally entered SQL statements in database-based...
Authorizations Bypass in the FortiPresence portal parameters
Two authorization bypass through user-controlled key vulnerabilities in the FortiPresence administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters...
CVE-2019-19226
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter1 POST request without being authenticated on the admin interface...
Improper access control
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to download the configuration binary file settings by submitting a rom-0 GET request without being authenticated on the admin interface...
Ruckus Wireless Unleashed emfd Arbitrary OS Command Execution Vulnerability
Ruckus Wireless Unleashed is a wireless virtual control device. The Ruckus Wireless Unleashed emfd admin/cmdstat.jsp fails to properly handle the xcmd=import-category attribute, which can be exploited by a remote attacker to submit a special POST request that can be used in the application contex...
CVE-2019-19822
The CVE-2019-19822 entry concerns Realtek SDK-based routers (Boa HTTP server using Realtek APMIB 0.11f) where unauthenticated remote attackers can retrieve the full router configuration (including credentials) via the config.dat file. Affected devices include TOTOLINK A3002RU (up to 2.0.0), A702R...
CVE-2019-19823
CVE-2019-19823 affects Realtek SDK-based routers (Boa 0.94.14rc21) used by TOTOLINK, Sapido, CIK Telecom, Fibergate, and others. The issue allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, by accessing the config.dat/file storage...