141 matches found

BDU FSTEC
added 2023/03/06 12:0 a.m. · 1 views

The vulnerability of the PowerScale OneFS operating system, related to deficiencies in user interface security, allows attackers to disclose protected information.

The vulnerability of the PowerScale OneFS operating system is related to security flaws in the user interface. Exploiting this vulnerability could allow a malicious actor, operating remotely, to expose sensitive information that is protected by the system...

5.5 CVSS · 6.5 AI score · 0.00679 EPSS
Exploits 0 · References 2 · Affected Software 1
CERT
added 2022/09/27 12:0 a.m. · 56 views

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 L2 network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service DoS or to perform a...

4.7 CVSS · 4.9 AI score · 0.00111 EPSS
Exploits 1 · References 14
Prion
added 2022/06/16 11:15 p.m. · 12 views

Default credentials

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface...

4.3 CVSS · 6.6 AI score · 0.00775 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2022/04/20 4:15 p.m. · 19 views

CVE-2022-26519

There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials...

5.5 CVSS · 0.00039 EPSS
Exploits 0 · References 1
NVD
added 2022/03/10 5:42 p.m. · 14 views

CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

4.3 CVSS · 0.0027 EPSS
Exploits 0 · References 3
CNVD
added 2021/11/03 12:0 a.m. · 4 views

Fortinet FortiPortal Denial of Service Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability in the web interface of Fortinet FortiPortal prior to 6.0.6 with...

6.1 CVSS · 6.8 AI score · 0.00371 EPSS
Exploits 0 · References 1
CNNVD
added 2021/05/28 12:0 a.m. · 1 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...

5.4 CVSS · 8.4 AI score · 0.00336 EPSS
Exploits 0 · References 5
CNVD
added 2021/04/14 12:0 a.m. · 6 views

Grandstream GRP261x VoIP phone running firmware license issue vulnerability

The Grandstream GRP261x VoIP phone is an IP phone from Grandstream USA. A carrier-grade IP phone designed for large-scale deployments. A security vulnerability exists in the Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 that allows authentication bypass in its administration web...

10 CVSS · 7.3 AI score · 0.00296 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2021/03/21 12:0 a.m. · 1 views

The vulnerability of the Google Chrome browser’s media component, which allows a hacker to access confidential data

The vulnerability of the Google Chrome browser’s media component is related to security issues with the user interface. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...

4.3 CVSS · 6.9 AI score · 0.01027 EPSS
Exploits 0 · References 9 · Affected Software 5
CNVD
added 2021/01/21 12:0 a.m. · 3 views

Cisco Data Center Network Manager Reflective File Download Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A reflective file download vulnerability exists in the Web management interface of...

6.5 CVSS · 7.3 AI score · 0.00201 EPSS
Exploits 0 · References 1
EUVD
added 2021/01/20 8:11 p.m. · 3 views

EUVD-2021-6605

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...

10 CVSS · 9.9 AI score · 0.11689 EPSS
Exploits 0 · References 1
Veracode
added 2021/01/14 4:24 p.m. · 7 views

Cross-Site Scripting (XSS)

Jenkins is vulnerable to cross-site scripting. The vulnerability existed because it does not escape button labels in the Jenkins UI...

5.4 CVSS · 6.1 AI score · 0.00319 EPSS
Exploits 0 · References 2 · Affected Software 1
NVD
added 2020/09/25 6:15 a.m. · 11 views

CVE-2020-26114

cPanel before 90.0.10 allows self XSS via the Cron Jobs interface SEC-573...

6.1 CVSS · 0.00472 EPSS
Exploits 0 · References 1
OSV
added 2020/06/03 1:15 p.m. · 4 views

CVE-2020-7116

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...

7.2 CVSS · 7.2 AI score · 0.01442 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/05/05 12:0 a.m. · 3 views

PT-2020-13061 · Riverbed · Edgeconnect Appliance

Name of the Vulnerable Software and Affected Versions: EdgeConnect appliance affected versions not specified Description: The issue allows an admin user with shell access to retrieve IPSec UDP key material from both machine-to-machine interfaces and human-accessible interfaces. This material can...

4.9 CVSS · 4.9 AI score · 0.00215 EPSS
Exploits 0 · References 2
ICS
added 2020/03/10 12:0 p.m. · 129 views

Siemens S7-300/400 PLC Vulnerabilities (Update E)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 and SIMATIC S7-400 Vulnerabilities: Information Exposure, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...

7.8 CVSS · 7.3 AI score · 0.01146 EPSS
Exploits 0 · References 35
CVE
added 2020/01/06 9:16 p.m. · 145 views

CVE-2014-9405

CVE-2014-9405 is an XSS in Freebox OS Web interface 3.0.2. The vulnerability is in the description field of a Download RSS item or Contacts, allowing injected script when a user views the feed or imported VCARD content. Root cause: insufficient input filtering in the web interface; impact describ...

5.4 CVSS · 5.4 AI score · 0.00579 EPSS
Exploits 2 · References 4 · Affected Software 1
Tibco
added 2019/10/02 6:34 p.m. · 14 views

TIBCO Security Advisory: October 8, 2019 - TIBCO MDM

TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities Original release date:October 8, 2019 Last revised: CVE-2019-11212 Source: TIBCO Software Inc. TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities Original release date: October 8, 2019 Last revised: --- Source: TIBCO Software Inc. Systems...

3.5 CVSS · 6.3 AI score · 0.00239 EPSS
Exploits 0 · Affected Software 1
OSV
added 2019/08/20 7:15 p.m. · 12 views

CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

8.8 CVSS · 7.5 AI score
Exploits 0 · References 1
Cvelist
added 2019/05/16 1:10 a.m. · 20 views

CVE-2019-1822 Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because t...

8.8 CVSS · 7 AI score · 0.01639 EPSS
Exploits 1 · References 2