159 matches found
PT-2023-1307 · Moxa · Moxa Sds-3008 Series Industrial Ethernet Switch
Name of the Vulnerable Software and Affected Versions: Moxa SDS-3008 Series Industrial Ethernet Switch version 2.1 Description: An information disclosure issue exists in the web application functionality, allowing a specially-crafted HTTP request to disclose sensitive information. An attacker can...
PT-2023-1559 · Zyxel · Zyxel Nr7101
Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to...
CVE-2022-39039 aEnrich a+HRD - Server-Side Request Forgery (SSRF)
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTPs request to launch Server-Side Request Forgery SSRF attack, to perform arbitrary system command or disrupt service...
CVE-2022-28703
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...
PT-2022-3982 · Cisco · Cisco Unified Communications Manager Session Management Edition +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager Unified CM versions affected versions not specified Cisco Unified Communications Manager Session Management Edition Unified CM SME versions affected versions not specified Description: A vulnerability in t...
CVE-2022-26510
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2020-13567
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability...
PT-2022-12116 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetMdAlarm...
PT-2022-12057 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetNorm para...
PT-2022-12114 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetAlarm par...
CVE-2021-21922
CVE-2021-21922 affects Advantech R-SeeNet (2.4.15 and prior) via SQL injection in the user_list page, caused by improper neutralization of inputs in several filters (username_filter, name_filter, surname_filter, company_filter). An authenticated user (or via CSRF) can inject SQL through these par...
PT-2021-5032 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is related to a lack of protection in the SQL query structure, which can be exploited through a specially-crafted HTTP request, potentially leading to SQL injection. Th...
IBM Cloud Pak for Security Malicious Data Injection Vulnerability
IBM Cloud Pak for Security is an application from IBM America, Inc. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A malicious data injection vulnerability exists in IBM Cloud Pak for Security...
OpenClinic GA SQL Injection Vulnerability (CNVD-2021-34993)
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. An SQL injection vulnerability exists in the findDistrict parameter of the "Patientslist.do" page in OpenClinic GA...
OpenClinic GA SQL Injection Vulnerability (CNVD-2021-29431)
OpenClinic GA is an open source hospital integrated information management system . An SQL injection vulnerability exists in the nomenclature parameter in getAssets.jsp in OpenClinic GA version 5.173.3. An attacker can exploit this vulnerability by sending an HTTP request to perform a SQL injecti...
Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability
Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A server-side request forgery vulnerability exists in the session authentication...
Cisco Smart Software Manager Satellite Open Redirect Vulnerability
Cisco Smart Software Manager Satellite is a Cisco component for Cisco product license management. An open redirection vulnerability exists in the web management interface of Cisco Smart Software Manager Satellite 5.0 and earlier versions. The vulnerability stems from improper validation of the...
Cisco SD-WAN vManage Authorization Bypass Vulnerability
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An authorization bypass vulnerability exists in the web management interface of Cisco SD-WAN vManage, which can be exploited by an attacker by sending a specially crafted HTTP request to...
Cisco Data Center Network Manager Authorization Bypass Vulnerability (CNVD-2021-09948)
Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An authorization bypass vulnerability exists in the Web management interface of...
Cisco Data Center Network Manager Authorization Bypass Vulnerability (CNVD-2021-09949)
Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An authorization bypass vulnerability exists in the Web management interface of...