32 matches found
CVE-2018-6449
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers...
EUVD-2017-12965
Malware in sbrugna...
EUVD-2018-1166
Malware in sbrugna...
EUVD-2006-2167
Malware in sbrugna...
EUVD-2016-7384
Malware in sbrugna...
CVE-2018-6447
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account...
Design/Logic Flaw
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers...
Cross site scripting
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account...
BSA-2020-1073
Security Advisory ID: BSA-2020-1073. Component: HTTP Management Interface. Revision: 1.1. A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0CBN3, v7.4.2g could allow authenticated attackers...
Default credentials
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be...
Cross-site Request Forgery (CSRF)
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use thi...
Cisco SD-WAN Solution Remote Code Execution Vulnerability
Cisco vBond Orchestrator Software are products of Cisco. vBond Orchestrator Software is a set of security network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network extension solution running in it. An access control error...
CVE-2018-0343
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient...
CVE-2017-3848
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected...
TP-Link C2 / C20i Command Injection / Denial Of Service
TP-Link C2 and C20i are vulnerable to command injection, denial of service, and improper firewall rule issues. Title: TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules. Advisory URL: https://pierrekim.github.io/advisories/2017-tplink-0x00.txt...
TP-Link C2 / C20i Command Injection / Denial Of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: TP-Link C2 and C20i vulnerable to command injection authenticated root RCE, DoS, improper firewall rules Advisory URL: https://pierrekim.github.io/advisories/2017-tplink-0x00.txt Blog URL:...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.4 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common...