211 matches found
NEC UNIVERGE IX 安全漏洞
NEC UNIVERGE IX is a router from Nippon Electric NEC. A security vulnerability exists in the NEC UNIVERGE IX that originates from the ability to inject arbitrary scripts, which could lead to cross-site scripting attacks. The following products and versions are affected: NEC Corporation UNIVERGE I...
Malicious code in @zalastax/nolb-react-ix (npm)
The package @zalastax/nolb-react-ix was found to contain malicious code...
MAL-2025-13704 Malicious code in @zalastax/nolb-react-ix (npm)
The package @zalastax/nolb-react-ix was found to contain malicious code...
CVE-2024-39290
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book...
CVE-2024-11014
Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...
CVE-2024-45837
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files...
CVE-2020-16218
In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...
CVE-2020-27183
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact...
CVE-2020-27179
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens...
CVE-2020-27180
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter...
CVE-2020-27182
Multiple cross-site scripting XSS vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, jobjacketdetail.jsp, ixedit/editorcomponent.jsp, or the login form...
CVE-1999-0447
Local users can gain privileges using the debug utility in the MPE/iX operating system...
CVE-2024-11013
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management...
CVE-2024-31408
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request...
CVE-2024-11014
Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...
CVE-2024-11013
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management...
CVE-2024-11014
CVE-2024-11014 is a CSRF vulnerability affecting NEC NEC UNIVERGE IX series routers. A logged-in attacker could hijack the authentication of the device’s on-screen management interfaces by convincing a user to visit a crafted link, with affected versions ranging from 9.2 to 10.10.21, 10.8.x up to...
CVE-2024-11014
Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...
CVE-2024-11014
Cross-site request forgery CSRF vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface...
CVE-2024-11013
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management...