Authentication Bypass in PAN-OS Management Web Interface
An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface (Ref PAN-113675, CVE-2019-1572). Successful exploitation of this issue may allow an unauthenticated remote user to access PHP files. This issue affects only PAN-OS 9.0.0. Workaround: This issue affects the web-base...
PT-2019-1583 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center versions prior to 1.2.5. Description: A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the...
Open-Xchange OX App Suite Cross Site Scripting / SSRF
Product: OX App Suite; Vendor: OX Software GmbH; Internal reference: 59653 (Bug ID); Vulnerability type: Cross-Site Scripting (CWE-80); Vulnerable version: 7.10.0; Vulnerable component: frontend; Report confidence: Confirmed; Solution status: Fixed by Vendor; Fixed version: 7.10.0-rev13; Vendor notification:...
Siemens S7-400 CPUs (Update B)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |...
Open redirect
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...
CVE-2016-6854
CVE-2016-6854 affects Open-Xchange OX Guard prior to 2.4.2-rev5. An injection flaw allows a script to run when verifying an inline PGP signature in a mail, enabling malicious code to execute in a user’s context and potentially hijack sessions or trigger actions via the web interface. Fixed in 2.4...
Cisco Unified Web Interaction Manager Web Interface Security Restriction Bypass Vulnerability
Cisco Unified Web Interaction Manager is a web interaction manager. An input validation vulnerability in the Cisco Unified Web Interaction Manager web interface could be exploited by a remote attacker to submit a special request to view, modify, or delete data stored on the target system...
PT-2016-61: Denial of Service in the web interface to TP-Link wireless devices control system
The specialists of the Positive Research center have detected a Denial of Service vulnerability in the web interface to TP-Link wireless devices control system. An attacker can cause a full denial of service of the server used for the web interface to wireless devices control system via the speci...
CUPS cross-site scripting
Cross-site scripting in Web interface...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device (Ref 31091). This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier. Work...
Verbose Error Messages
Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client. This does not directly result in any specific vulnerability; however, this information is helpful to an attacker (Ref 33139). This issue resul...
F5 FirePass Content Inspection Management XSS
F5 FirePass Content Inspection Management XSS Product: F5 FirePass http://www.f5.com/products/firepass/ The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...
CVE-2008-1515
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."...
Multiple Thomson TCW690 security vulnerabilities.
It's possible to access web interface without username and password. Denial of Service...
Multiple HP/Compaq products Web interface buffer overflow
No description provided...
[Full-Disclosure] exploiting fortigate firewall through webinterface
Issue: Several vulnerabilities in web interface of Fortigate firewall of which the most serious one will allow a remote attacker to obtain a username and password of the Fortigate. Release: pre 2.50 maintenance release 4 Fixed in: Fortinet OS 2.50 MR4, available from FTP as of 29 Sept. 2003 Date:...
Cisco Secure ACS buffer overflow
Buffer overflow in TCP/2002 web interface port...
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting
SurfControl SuperScout Email Filter 3.5 - MsgError.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to...
VNC HTTP Server Detection
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another. This script was written by Georges Dagousset. See the Nessus...
CVE-1999-0842
Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack...