33 matches found
EUVD-2020-4459
Malware in sbrugna...
EUVD-2014-3311
Malware in sbrugna...
PT-2025-16474
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Recommendations At the moment, there is no information about a newer version that contains a fix for...
CVE-2021-38486
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...
CVE-2021-38486
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...
Code injection
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...
CVE-2021-38486
InHand Networks IR615 Router vulnerable via CVE-2021-38486 due to improper authorization in the cloud portal, enabling self-registration without account creation and potentially full control of the device and code execution in the internal network. Affected versions per trusted advisory: IR615 Ro...
CVE-2020-24595
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control...
CVE-2020-12144
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal...
CVE-2020-12144
The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal...
CVE-2020-12144
CVE-2020-12144 describes a trust-management vulnerability in Silver Peak EdgeConnect where the certificate used to identify the Cloud Portal to EdgeConnect devices is not validated. This allows establishing a TLS connection from EdgeConnect to an untrusted portal, potentially enabling man-in-the-...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15622)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the cloud portal register method in Quest DR Series disk backup software before 4.0.3.1. An attacker can exploit this vulnerability to execute commands via the 'registrationCode' request...
CVE-2015-4190
CVE-2015-4190 affects Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances. The root cause is a design flaw/default host keys that enable a man-in-the-middle attack, allowing an unauthenticated remote attacker to modify data during login or data exchange via u...
Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability
A vulnerability in Cisco Cloud Portal Appliance could aid an unauthenticated, remote attacker in performing a man-in-the-middle attack. The vulnerability is due to a design error in the affected software. An unauthenticated, remote attacker could exploit this vulnerability to perform a...
CVE-2014-3352
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
CVE-2014-3352
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
Design/Logic Flaw
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal 2008.3SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID...
CVE-2014-3350
Cisco Intelligent Automation for Cloud aka Cisco Cloud Portal does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870...
CVE-2014-3349
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) suffers an arbitrary file upload vulnerability due to insufficient input validation of file types during file submission. An authenticated, remote attacker could submit a crafted file to an affected device, enabling arbitrary file upload...
CVE-2014-3351
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) is affected by CVE-2014-3351 due to a failure to properly validate NULL sessions. An unauthenticated, remote attacker could send crafted packets to an affected device and view sensitive information, per Cisco’s advisory (Bug IDs CSCuh873...