Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4,...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2...
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit title: Ecessa WANWorx WVR-30 input type="hidden" name="userusername1" value=...
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit title: Ecessa WANWorx WVR-30 input type="hidden" nam...
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Summary: Ecessa's ShieldLink 60, 175, 600,12...
Ecessa ShieldLink SL175EHQ 10.7.4 CSRF Add Superuser Exploit
Summary Ecessa's ShieldLink 60, 175, 600, 1200 & 4000 are advanced, yet highly affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN link. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity...
Ecessa Edge EV150 10.7.4 CSRF Add Superuser Exploit
Summary Internet Failover and Load Balancing for Small Businesses, Stores and Branch Offices. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...
Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability(CVE-2018-3834)
Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is...
Insteon Hub PubNub Firmware Downgrade Vulnerability (CVE-2018-3833)
Summary An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be...
CVE-2018-0371
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
Input validation
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
CRLF Injection
Vert.x Core is vulnerable to CRLF injection. The injection is possible because it does not forbid the \r or \n characters in HTTP client requests and server responses...
NX-OS Software Remote Code Execution Vulnerability in Multiple Cisco Products
Cisco Nexus 2000 Series Switches are switching devices. Fabric Modules are switch matrix modules. NX-OS Software is a set of data center-grade operating system software that runs on them. An input validation vulnerability...
Cisco Meeting Server Web Admin Interface Denial of Service Vulnerability
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of incoming HTTP requests. An attacker could exploit this vulnerability by sending a...
Security Bulletin: IBM TRIRIGA Application Unintended Proxy or Intermediary (CVE-2016-0362)
Summary IBM TRIRIGA platform allows remote attackers to use one of its web services as a proxy to forward HTTP requests to other internal/external Web resources. Vulnerability Details CVEID: CVE-2016-0362 CVSS Base Score: 4.3 CVSS Temporal Score: See for the current score CVSS Environmental Score...
Security Bulletin: IBM Tealeaf Customer Experience Replay Server internal proxy accepts connections from external sources (CVE-2016-5968)
Summary The internal HTTP proxy server deployed as part of the IBM Tealeaf Customer Experience Replay Server accepts requests from any network host, not only from local renderers. Vulnerability Details CVEID: CVE-2016-5968 DESCRIPTION: IBM Tealeaf Replay Server allows remote attackers to use one ...
Security Bulletin: IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener (CVE-2016-8986)
Summary Invalid HTTP requests could cause a denial of service to the IBM MQ MQXR listener. Vulnerability Details CVEID: CVE-2016-8986 DESCRIPTION: IBM WebSphere MQ could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests...