CVE-2024-36787

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors...

PT-2023-28077 · Wpgens · Swifty Bar

Name of the Vulnerable Software and Affected Versions: Swifty Bar, sticky bar by WPGens plugin versions = 1.2.10 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This allows for malicious scripts to be stored on th...

Design/Logic Flaw

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

iisPROTECT Admin Interface SiteAdmin.ASP GroupName Parameter SQL Injection

The remote host is running iisPROTECT, an IIS add-on to protect the pages served by this server. There is a bug in the remote version of iisPROTECT that may allow an attacker with the ability to browse the administrative interface to execute arbitrary commands through SQL injection on this host...

Axis Network Camera 2.x - HTTP Authentication Bypass

source: https://www.securityfocus.com/bid/7652/info A vulnerability has been discovered in various Axis Communications products. By making a request for a specially formatted URL, it may be possible for remote users to access the administrative configuration interface without being prompted for...

EServ 2.9x - Password-Protected File Access

EServ 2.9x - Password-Protected File Access source: https://www.securityfocus.com/bid/3838/info EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. It is possible to construct a web request which is capable of accessing the contents of password...