11 matches found
CVE-2023-20009
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a...
Optilink Network OP-XT71000N Cross-Site Request Forgery Vulnerability
Optilink Network OP-XT71000N is a wireless router from Optilink Network India. The Optilink Network OP-XT71000N version V2.2 suffers from a cross-site request forgery vulnerability that stems from its inadequate protection of mgmconfigfile.asp, allowing an attacker to create a crafted CSRF form to...
VMware Carbon Black Cloud Authentication Bypass Vulnerability
VMware Carbon Black Cloud is a SaaS platform from VMware USA that provides security checking and defense capabilities for cloud endpoints. VMware Carbon Black Cloud Workload 1.0.1 and prior versions have an authentication bypass vulnerability that could allow a user with network access to the...
Profile Management Configuration Checking Tool - UPMConfigCheck
Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools Profile Management Configuration Check Tool UPMConfigCheck. Created Date: February 27, 2012. Updated Date: August 23, 2023. Description...
Open Ticket Request System Information Disclosure Vulnerability (CNVD-2019-16544)
Open Ticket Request System (OTRS) is an open source defect tracking and management system software from the German OTRS Group. The software will be submitted by phone, e-mail and other channels of service requests into different queues, service levels, service personnel through the OTRS system t...
The vulnerabilities of the software components—Knowledge Management Configuration Service, EPBC, and EPBC2 on the SAP NetWeaver platform—allow attackers to control the application.
The vulnerability of the software components—Knowledge Management Configuration Service, EPBC, and EPBC2 of the SAP NetWeaver platform—is related to insufficient testing of server-side requests. Exploiting this vulnerability allows a malicious actor to control the application using specially...
EAP-7: Wrong privileges on multiple property files
It was found that the properties-based files of the management and application realm configuration, which contain user-to-role mappings, are world-readable, allowing all users logged in to the system to access user and role information...
Server-Side Request Forgery (SSRF)
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...
CVE-2017-16678
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...
Cisco Application Policy Infrastructure Controller Access Control Vulnerability (cisco-sa-20150722-apic)
A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to access the APIC as the root user.
JVN#27142693: NP-BBRM vulnerable in UPnP functionality
NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality. Impact: The device may be used in a DDoS attack, as an SSDP reflector. Solution: Disable UPnP. Disable UPnP functionality from the management configuration in the settings screen...