296 matches found
Cross site request forgery (csrf)
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI...
CVE-2020-25142
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI...
CVE-2020-5621
Cross-site request forgery CSRF vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...
CVE-2020-5621
Cross-site request forgery CSRF vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...
Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack
A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The researcher Jason Kent, with Cequence Security,...
Hardcoded credentials
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...
CVE-2020-12035
CVE-2020-12035 affects Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x). Root cause is a hard-coded service password that grants access to biomedical information, device settings, calibration settings, and network configuration, enabling an attacker to modify device settin...
CVE-2020-12035
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...
Baxter PrismaFlex Hardcoding Vulnerability
The Baxter PrismaFlex is a critical care device from Baxter. A hard-coded vulnerability exists in Baxter PrismaFlex all versions that stems from the fact that PrismaFlex contains a hard-coded service password that can be exploited by an attacker to modify device settings and calibration values...
CVE-2020-4353
IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505...
CVE-2020-4353
IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505...
Security Bulletin: Instability in the Kiosk Android (CVE-2020-4353)
Summary Instability in the Kiosk Android Application leads to a bypass in MDM Restrictions Vulnerability Details CVEID: CVE-2020-4353 DESCRIPTION: IBM MaaS360 could allow a user with physical access to the device to crash the application, which may enable the user to access restricted application...
Improper Authentication Vulnerability in RICOH printers
Overview Multiple RICOH printers contain Improper Authentication Vulnerability CWE-287. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impac...
CVE-2019-16731
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...
Code injection
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...
CVE-2019-16731
CVE-2019-16731 affects Petwant PF-103 firmware (4.22.2.42) and Petalk AI (3.2.2.30) via the udpServerSys service, enabling remote attackers to initiate firmware upgrades and modify device settings. The Red Hat, NVD, CNVD, and CVE records consistently describe the same vulnerable component and imp...
CVE-2019-16731
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...
CVE-2019-16978
In FusionPBX up to v4.5.7, the file app\devices\devicesettings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...
PT-2019-14898 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns the use of an unsanitized id variable in the file appdevicesdevice settings.php, which is reflected in HTML and leads to a cross-site scripting XSS issue. Recommendations: For...