12 matches found
EUVD-2017-15066
Malware in sbrugna...
CVE-2024-51721
CVE-2024-51721 : A code injection vulnerability affects the SecuSUITE Server Web Administration Portal in SecuSUITE versions up to 5.0.420. The issue allows an attacker to inject script commands or other executable content that would run with root privileges. Affected component is the Web Adminis...
Design/Logic Flaw
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference...
CVE-2014-8356
The CVE-2014-8356 issue affects Zhone zNID GPON 2426A and related 24xx/42xx/26xx/28xx-series devices, with firmware older than S3.0.501. The vulnerability arises from an Insecure Direct Object Reference that allows remote authenticated users to bypass access controls by altering server responses ...
CVE-2014-8356
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...
CVE-2014-9118
CVE-2014-9118 affects Zhone zNID GPON 2426A (and related 24xx/42xx/26xx/28xx series) prior to S3.0.501. The issue is a command-injection vulnerability in the web admin portal: remote attackers can execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Root cau...
CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...
CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2017-5998
Cross-site scripting XSS vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the strlogname parameter in a "Web Admin Portal Log Configuration Add" action...
CVE-2017-5998
Cross-site scripting XSS vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the strlogname parameter in a "Web Admin Portal Log Configuration Add" action...
CVE-2017-5998
Cross-site scripting XSS vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the strlogname parameter in a "Web Admin Portal Log Configuration Add" action...