12 matches found
PT-2026-25661
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms: one solely for interface management and one for protecting all other server resources. When the latter is turned off, which is a default setting, an unauthenticated attacker on...
EUVD-2018-0006
Malware in sbrugna...
CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS...
CVE-2022-35416
H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS...
PT-2022-22816 · H3C · H3C SSL VPN
Name of the Vulnerable Software and Affected Versions: H3C SSL VPN versions through 2022-07-10. Description: The issue allows for XSS through the svpnlang cookie in the wnm/login/login.json API endpoint. Recommendations: For versions through 2022-07-10, as a temporary workaround, consider...
Privilege escalation
An issue was discovered in Comelit "App lejos de casa web" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a...
CVE-2019-11415
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the "" string to v1/system/login...
Ajenti Information Disclosure Vulnerability (CNVD-2018-07757)
Ajenti is a web-based open source server management system developed by Belarusian software developer Eugene Pankov. The system comes with a variety of pre-built plug-ins for configuring and monitoring server software and services such as Apache, scheduled tasks (Cron) and so on. A security...
CVE-2018-1000083
Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending a malformed JSON: the tool responds with a traceback error that leaks a path of the...
CVE-2018-1000083
Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending a malformed JSON: the tool responds with a traceback error that leaks a path of the...
Input validation
Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending a malformed JSON: the tool responds with a traceback error that leaks a path of the...
CVE-2018-1000083
Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in the request leaking a path of the server. This attack appears to be exploitable by sending a malformed JSON: the tool responds with a traceback error that leaks a path of the...