869 matches found
CVE-2018-5799
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...
Ubiquiti Inc.: UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
In UniFi Video 3.10.0, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user into accessing an attacker-controlled page...
CVE-2018-7500
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account...
Cross-site scripting
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized...
CVE-2018-7508
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Cross-site scripting may occur when input is incorrectly neutralized...
Design/Logic Flaw
A Permissions, Privileges, and Access Controls issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior. Privileges may be escalated, giving attackers access to the PI System via the service account...
CVE-2018-7508
The CVE-2018-7508 entry pertains to a Cross-site Scripting vulnerability in OSIsoft PI Web API, affecting versions 2017 R2 and prior. The root cause is improper neutralization of input during web page generation, enabling XSS. The associated ICS/CISA advisory confirms the vulnerability is in PI W...
CVE-2018-7500
CVE-2018-7500 affects OSIsoft PI Web API (versions 2017 R2 and prior). The issue is that privileges may be escalated, allowing access to the PI System via the service account. CVSS information in NVD indicates high/critical impact (CS: high for confidentiality, integrity, availability; network vector;...
OSIsoft PI Web API Elevation of Privilege Vulnerability
The OSIsoft PI Web API is a product for accessing PI system data. An elevation of privilege vulnerability exists in OSIsoft PI Web API 2017 R2 and prior versions that could allow an attacker to access the PI System via a service account...
OSIsoft PI Web API
CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API Vulnerabilities: Permissions, Privileges, and Access Controls; Cross-site Scripting AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Web API products: PI...
The vulnerability in the web interface of the Cisco Prime Home system allows a perpetrator to bypass the authentication process and perform arbitrary actions with administrator privileges.
The vulnerability in the Cisco Prime Home system's web interface exists due to deficiencies in the authentication process related to role-based access control (RBAC) errors. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and perform arbitrary actions wit...
Ansible Tower Arbitrary Command Execution Vulnerability
Ansible is a computer system configuration manager from Ansible, Inc. that can be used to publish, manage, and orchestrate computer systems. Ansible Tower, a.k.a. Ansible UI, is one of the task control applications that provides a user interface (UI), dashboard, and REST API. An arbitrary command...
CVE-2017-9377
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...
Command injection
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...
CVE-2017-9377
Barco ClickShare Base Unit devices (CSM-1 firmware before 1.7.0.3; CSC-1 firmware before 1.10.0.10) are affected by CVE-2017-9377. A command injection vulnerability exists that an attacker with access to the product’s web API can exploit to completely compromise the affected device. The available...
CVE-2017-9377
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...
Denial of service
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...