D-Link DSL-3782 Code execution (CVE-2018-8941)
CVE-2018-8941: D-Link DSL-3782 Code execution Proof of Concept. Adam Simuntis :: https://twitter.com/adamsimuntis, Mindaugas Slusnys :: https://twitter.com/mislusnys. The buffer overflow vulnerability was found in the "/userfs/bin/tcapi" binary which is used as a wrapper for the "Diagnostics"...
CVE-2018-7238
A buffer overflow vulnerability exists in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code...
CVE-2018-7238
The CVE-2018-7238 entry affects Schneider Electric Pelco Sarix Professional devices. A buffer overflow in the web-based GUI is exploitable on all firmware versions prior to 3.29.67, allowing an unauthenticated, remote attacker to execute arbitrary code. Impact is high: remote code execution with ...
Quest DR Series Appliance Default Credentials (HTTP)
Quest DR Series Appliances are using known default credentials for the HTTP login. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Zonemaster Web GUI Cross-Site Scripting Vulnerability
Zonemaster Web GUI is an open source Web graphical user interface in the Zonemaster project. A cross-site scripting vulnerability exists in the lib/Zonemaster/GUI/Dancer/Export.pm file in Zonemaster Web GUI. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
Cross site scripting
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS...
CVE-2018-7652
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS...
CVE-2013-0267
CVE-2013-0267 affects Apache VCL: the Privileges portion of the web GUI and the XMLRPC API on VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2, and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or...
PcapXray - A Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram
PcapXray is a Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. PcapXray Design Specification Goal: Given a Pcap File, plot a network diagram displaying hosts in the network,...
Command injection
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems...
CVE-2017-6230
The CVE-2017-6230 entry concerns Ruckus Networks Solo APs (firmware R110.x or earlier) and SZ managed APs (firmware R5.x or earlier). It describes an authenticated Root Command Injection vulnerability in the web-GUI, enabling an authenticated user to execute privileged commands on affected system...
CVE-2017-6230
Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems...
CVE-2018-0099
The CVE-2018-0099 entry concerns Cisco D9800 Network Transport Receiver, where the web management GUI is vulnerable to a command injection due to insufficient validation of GUI command arguments. An authenticated remote attacker could inject crafted GUI parameters to execute commands on the under...
Denial of service
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...
CVE-2017-14182
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...
FortiOS web GUI logindisclaimer redir parameter XSS vulnerability
A reflected XSS vulnerability exists in FortiOS web GUI "Login Disclaimer" redir parameter. It is potentially exploitable by a remote unauthenticated attacker, via sending a maliciously crafted URL to a victim who has an open session on the web GUI. Visiting that malicious URL may cause the...
CVE-2017-12226
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E Wireless Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate...
Scaner-VS: Vulnerability Management solution for Russian Military
Scaner-VS is a Vulnerability Assessment system developed by Moscow-based NPO Echelon. It's pretty popular in Russian government organizations, especially in the Russian Army, because it complies with all government requirements, has all necessary certificates and is relatively cheap. As for requirements and...
Cross site scripting
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials...