The vulnerability of the microprogramming software of the Moxa IKS-G6824A switch allows a intruder to gain unauthorized access to the device.

The vulnerability of Moxa IKS-G6824A microcontroller-based software is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device...

The vulnerability of the microprogramming software used in Pelco Sarix Enhanced and Spectra Enhanced cameras arises from insufficient verification of the authenticity of the requests being sent. This allows intruders to gain access to the camera’s interface.

The vulnerability of the microprogramming software used in Pelco Sarix Enhanced and Spectra Enhanced cameras is related to insufficient verification of the authenticity of the requests being sent. Exploiting this vulnerability can allow a intruder to gain access to the camera through a specially...

The vulnerability in the FortiOS operating system’s web interface allows a hacker to perform cross-site fraudulently.

The vulnerability in the FortiOS operating system’s web interface is related to the lack of checks for the authenticity of HTTP requests. Exploiting this vulnerability allows a malicious actor to perform cross-site fraudulently...

LOYTEC LVIS-3ME Cross-Site Scripting Vulnerability

LVIS-3ME is a graphical user interface from LOYTEC. A cross-site scripting vulnerability exists in LOYTEC LVIS-3ME versions prior to 6.2.0, which can be exploited by an attacker to conduct a cross-site scripting attack due to a lack of proper web request authentication in the web interface, if an...

Microsoft ASP.NET Core Denial of Service Vulnerability

Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web One applications, IoT applications, and mobile backends. A denial of service vulnerability exists in Microsoft ASP.NET Core, which arises from the...

CVE-2013-1205

CVE-2013-1205 affects the Event Center module of Cisco WebEx Meetings Server. The issue is that certain requests are not authenticated, enabling remote attackers to discover host keys and event passwords via crafted URLs. The vulnerability is described in Cisco’s advisory and related CVE records,...

Re: More problems with RADIUS (protocol and implementations)

I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...

Luca Deri ntop 1.2 a7-9 - Unauthorized File Retrieval

source: https://www.securityfocus.com/bid/1550/info ntop is a tool that shows the network usage, similar to what the popular top Unix command does. Starting ntop in web mode with the -w parameter starts ntop with it's own built in HTTP server, to allow remote access to the functions it provides...