CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

CVE-2025-0360

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API...

Cisco NX-OS Command Injection (CVE-2017-12339)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

Huawei Data Communication: Configuring Secure User Authentication Modes and Permission Levels

Configure user rights in the user-interface VTY view. In password authentication mode, this permission is the actual login permission. In AAA authentication mode, this parameter takes effect if no user rights are configured on the AAA server. Configuring password authentication on the VTY is...

Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure PI has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This...

PCI DSS v3.2 & Exposing Session ID in URL

Passing the session ID in the URL such as QID 150068 “Session ID in URL” will be marked as a Fail for PCI as of April 15, 2018 in accordance with PCI DSS v3.2. QID 150068 is a PCI Fail according to PCI DSS v3.2 Requirement 6.5.10: 6.5.10 Examine software development policies and procedures and...