63 matches found
CVE-2023-27573
NetBox-Docker
CVE-2023-31240
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...
EUVD-2018-17121
Malware in sbrugna...
EUVD-2008-2050
Malware in sbrugna...
EUVD-2018-17119
Malware in sbrugna...
EUVD-2021-26508
Malware in sbrugna...
EUVD-2015-1616
Malware in sbrugna...
EUVD-2023-29147
Malicious code in bioql PyPI...
EUVD-2022-0038
Malicious code in bioql PyPI...
CVE-2021-3165
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the //CampaignManager/users URI...
Hardcoded credentials
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...
CVE-2023-25183
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device...
CVE-2023-31240
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...
CVE-2023-31240
Summary: CVE-2023-31240 affects Snap One OvrC Pro, specifically versions prior to 7.2. The issue is a hard-coded-credentials based hidden superuser account, accessible via the local web server running on affected devices, potentially exposing control to the network and remote access. The Red Hat/...
CVE-2022-22229
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability, a stored XSS or persistent, in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance Formerly Netrounds allows a high-privilege attacker with 'WRITE' permissions to...
Cross site scripting
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability, a stored XSS or persistent, in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance Formerly Netrounds allows a high-privilege attacker with 'WRITE' permissions to...
CVE-2022-22229 Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability, a stored XSS or persistent, in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance Formerly Netrounds allows a high-privilege attacker with 'WRITE' permissions to...
CVE-2022-22229 Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability, a stored XSS or persistent, in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance Formerly Netrounds allows a high-privilege attacker with 'WRITE' permissions to...
CVE-2022-2568
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...
Privilege escalation
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...