150 matches found
PT-2019-12079 · Salicru · Slc-20-Cube3
Name of the Vulnerable Software and Affected Versions: Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 Description: A reflected HTML injection issue allows remote attackers to inject arbitrary HTML elements via specific API endpoints, including /DataLog.csv?log=,...
PT-2019-9644 · Netdata +4 · Netdata +4
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software due to JSON injection via the "api/v1/data" endpoint, specifically through the tqx parameter. This is caused by the web client api request v1 data function in web/api/web api...
PT-2019-9645 · Netdata +4 · Netdata +4
Name of the Vulnerable Software and Affected Versions: Netdata version 1.10.0 Description: An issue exists in the software where HTTP Header Injection is possible via the filename parameter in the "api/v1/data" endpoint. This is due to the web client api request v1 data function in web/api/web ap...
Drobo 5N2 Improper Access Control Vulnerability (CNVD-2019-05918)
The Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device features data sharing, data backup, remote access and disaster recovery. An access control error vulnerability exists in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker...
CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password...
PT-2018-17108 · Reprise · Reprise License Manager
Name of the Vulnerable Software and Affected Versions: Reprise License Manager version 11.0 Description: A Path Traversal issue allows an attacker to access files on the server's file system by modifying a field in the web request. Specifically, by specifying a pathname in the lf parameter to the...
OwnCloud 'dav' app content spoofing vulnerability
OwnCloud is a free and open source personal cloud storage solution from OwnCloud Germany. A content spoofing vulnerability exists in the OwnCloud 'dav' app. A misrepresentation of potential information is caused by displaying an anomalous message that contains partial user-controllable input at t...
UBUNTU-CVE-2016-3138
The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...
CVE-2016-3138
The acmprobe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and system crash via a USB device without both a control and a data endpoint descriptor...
Websense Appliance Manager - Command Injection
Websense Appliance Manager - Command Injection Abstract A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remo...