
25 matches found

RedhatCVE
added 2026/01/09 11:22 a.m. · 11 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

CVSS 6.1 · AI score 6.5 · EPSS 0.00117
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2021-10032

Malware in sbrugna...

CVSS 7.2 · AI score 8.1 · EPSS 0.02655
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:9 a.m. · 5 views

CVE-2019-19551

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...

CVSS 4.8 · AI score 6.1 · EPSS 0.00295
Exploits: 0 · References: 1

NVD
added 2023/05/02 1:15 p.m. · 9 views

CVE-2023-29772

A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...

CVSS 5.2 · AI score 5.1 · EPSS 0.01342
Exploits: 1 · References: 1

Vulnrichment
added 2023/05/02 12:0 a.m. · 11 views

CVE-2023-29772

A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...

AI score 5.1 · EPSS 0.01342
Exploits: 1 · References: 1

Cvelist
added 2023/05/02 12:0 a.m. · 12 views

CVE-2023-29772

A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...

AI score 5.3 · EPSS 0.01342
Exploits: 1 · References: 1

Positive Technologies
added 2023/05/02 12:0 a.m. · 3 views

PT-2023-22412 · Asus · Asus Rt-Ac51U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC51U wireless router firmware versions up to and including 3.0.0.4.380.8591
Description: A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI allows remote attackers to inject...

CVSS 5.2 · AI score 5.8 · EPSS 0.01342
Exploits: 1 · References: 4

VulnCheck KEV
added 2021/08/20 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2021-22900

Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface...

CVSS 7.2 · AI score 7.3 · EPSS 0.02655
Exploits: 0 · References: 1

Positive Technologies
added 2021/08/16 12:0 a.m. · 2 views

PT-2021-15287 · Pulse Secure · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R12
Description: A vulnerability could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console.
Recommendations: For version...

CVSS 7.2 · AI score 7.1 · EPSS 0.04289
Exploits: 0 · References: 3

CNVD
added 2020/08/24 12:0 a.m. · 1 views

EdgeSwitch Command Injection Vulnerability

EdgeSwitch is a PoE Gigabit switch from Ubiquiti Networks Ubiquiti Express and is part of the EdgeMAX series. A command injection vulnerability exists in EdgeSwitch versions prior to 1.9.1. The vulnerability stems from a guessable SIDSSL cookie in the administrator web interface of an older versi...

CVSS 10 · AI score 7.8 · EPSS 0.02316
Exploits: 0 · References: 1

NVD
added 2020/07/30 1:15 p.m. · 8 views

CVE-2020-8221

A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface...

CVSS 4.9 · AI score 6.3 · EPSS 0.02124
Exploits: 0 · References: 1

OSV
added 2020/07/30 1:15 p.m. · 1 views

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure 9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS...

CVSS 6.5 · AI score 6.2 · EPSS 0.05024
Exploits: 0 · References: 1

Prion
added 2020/07/30 1:15 p.m. · 24 views

Path traversal

A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting...

CVSS 4 · AI score 6.5 · EPSS 0.0086
Exploits: 0 · References: 1 · Affected Software: 4

Cvelist
added 2020/07/30 12:53 p.m. · 13 views

CVE-2020-8221

A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface...

AI score 5.9 · EPSS 0.02124
Exploits: 0 · References: 1

Cvelist
added 2020/07/30 12:53 p.m. · 21 views

CVE-2020-8220

A denial of service vulnerability exists in Pulse Connect Secure 9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS...

AI score 7 · EPSS 0.05024
Exploits: 0 · References: 1

CNVD
added 2020/07/30 12:0 a.m. · 3 views

Pulse Secure Pulse Connect Secure and Pulse Policy Secure Path Traversal Vulnerabilities

Pulse Secure Pulse Connect Secure (a.k.a. PCS, formerly known as Juniper Junos Pulse) and Pulse Policy Secure are both products of Pulse Secure, Inc. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a network access control solution...

CVSS 4.9 · AI score 6.9 · EPSS 0.02124
Exploits: 0 · References: 1

Talos
added 2020/03/09 12:0 a.m. · 77 views

WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability

Summary: An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...

CVSS 9.1 · AI score 8.9 · EPSS 0.02153
Exploits: 1

OSV
added 2019/12/06 4:15 p.m. · 10 views

CVE-2019-19551

In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are no...

CVSS 4.8 · AI score 6.1
Exploits: 0 · References: 1

Prion
added 2019/09/05 8:15 p.m. · 14 views

Default credentials

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the...

CVSS 4.3 · AI score 5.2 · EPSS 0.04518
Exploits: 6 · References: 2 · Affected Software: 1

OSV
added 2019/04/24 9:29 p.m. · 1 views

CVE-2019-8991

The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and...

CVSS 8.8 · AI score 5.7 · EPSS 0.00202
Exploits: 0 · References: 3