Lucene search
+L

296 matches found

Prion
Prion
added 2020/09/25 6:15 p.m.17 views

Cross site request forgery (csrf)

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI...

4.3CVSS6.5AI score0.00508EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/25 5:33 p.m.25 views

CVE-2020-25142

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI...

6.5AI score0.00508EPSS
Exploits0References1
OSV
OSV
added 2020/08/28 5:15 a.m.5 views

CVE-2020-5621

Cross-site request forgery CSRF vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...

4.3CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2020/08/28 5:15 a.m.24 views

CVE-2020-5621

Cross-site request forgery CSRF vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...

4.3CVSS4.9AI score0.00789EPSS
Exploits0References4
Prion
Prion
added 2020/08/28 5:15 a.m.20 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in NETGEAR switching hubs GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier allow remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified...

4.3CVSS4.9AI score0.00789EPSS
Exploits0References4Affected Software2
ThreatPost
ThreatPost
added 2020/07/10 10:43 p.m.40 views

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

A popular consumer-grade security camera made by TP-Link and sold under the Kasa brand has bevy of bugs that open the hardware to remote attacks, such as giving hackers access to private video feeds and the ability to change device settings. The researcher Jason Kent, with Cequence Security,...

7.8AI score
Exploits0References5
Prion
Prion
added 2020/06/29 2:15 p.m.14 views

Hardcoded credentials

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...

3.6CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/06/29 1:49 p.m.57 views

CVE-2020-12035

CVE-2020-12035 affects Baxter PrismaFlex (all versions) and PrisMax (all versions prior to 3.x). Root cause is a hard-coded service password that grants access to biomedical information, device settings, calibration settings, and network configuration, enabling an attacker to modify device settin...

4.9CVSS5.1AI score0.00247EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/29 1:49 p.m.23 views

CVE-2020-12035

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings...

5.1AI score0.00247EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/19 12:0 a.m.3 views

Baxter PrismaFlex Hardcoding Vulnerability

The Baxter PrismaFlex is a critical care device from Baxter. A hard-coded vulnerability exists in Baxter PrismaFlex all versions that stems from the fact that PrismaFlex contains a hard-coded service password that can be exploited by an attacker to modify device settings and calibration values...

7.5CVSS7.1AI score0.00483EPSS
Exploits0References1
OSV
OSV
added 2020/04/23 3:15 p.m.6 views

CVE-2020-4353

IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505...

4.6CVSS5.8AI score0.00332EPSS
Exploits0References2
NVD
NVD
added 2020/04/23 3:15 p.m.20 views

CVE-2020-4353

IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505...

4.6CVSS4.5AI score0.00332EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/14 8:32 p.m.22 views

Security Bulletin: Instability in the Kiosk Android (CVE-2020-4353)

Summary Instability in the Kiosk Android Application leads to a bypass in MDM Restrictions Vulnerability Details CVEID: CVE-2020-4353 DESCRIPTION: IBM MaaS360 could allow a user with physical access to the device to crash the application, which may enable the user to access restricted application...

4.6CVSS1.3AI score0.00332EPSS
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/25 6:47 a.m.4 views

Improper Authentication Vulnerability in RICOH printers

Overview Multiple RICOH printers contain Improper Authentication Vulnerability CWE-287. RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impac...

7.5CVSS6.5AI score0.01409EPSS
Exploits0References5
NVD
NVD
added 2019/12/13 9:15 p.m.19 views

CVE-2019-16731

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...

7.5CVSS7.5AI score0.01082EPSS
Exploits1References1
Prion
Prion
added 2019/12/13 9:15 p.m.18 views

Code injection

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...

5CVSS7.5AI score0.01082EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2019/12/13 8:25 p.m.110 views

CVE-2019-16731

CVE-2019-16731 affects Petwant PF-103 firmware (4.22.2.42) and Petalk AI (3.2.2.30) via the udpServerSys service, enabling remote attackers to initiate firmware upgrades and modify device settings. The Red Hat, NVD, CNVD, and CVE records consistently describe the same vulnerable component and imp...

7.5CVSS7.5AI score0.01082EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/12/13 8:25 p.m.25 views

CVE-2019-16731

The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...

7.5AI score0.01082EPSS
Exploits1References1
OSV
OSV
added 2019/10/21 3:15 p.m.5 views

CVE-2019-16978

In FusionPBX up to v4.5.7, the file app\devices\devicesettings.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to XSS...

6.1CVSS6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/10/21 12:0 a.m.6 views

PT-2019-14898 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns the use of an unsanitized id variable in the file appdevicesdevice settings.php, which is reflected in HTML and leads to a cross-site scripting XSS issue. Recommendations: For...

6.1CVSS5.9AI score0.00857EPSS
Exploits0References4
Rows per page
Query Builder