CVE-2024-4999

CVE-2024-4999 affects Ligowave UNITY (up to 6.95-2), PRO (up to 6.95-1.Rt3883), MIMO (up to 6.95-1.Rt2880), and APC Propeller (up to 2-5.95-4.Rt3352). The issue is a vulnerability in the web-based management interface that could allow an authenticated remote attacker to execute arbitrary commands...

CVE-2024-20257

Cisco AsyncOS Web-based management interface in Cisco Secure Email Gateway is affected by an XSS vulnerability due to insufficient input validation. An authenticated remote attacker could entice a user to click a crafted link, leading to arbitrary script execution within the interface or exposure...

CVE-2023-32145

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-32145

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-32145 D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-32145

Consolidated view of CVE-2023-32145: D-Link DAP-1360 devices are affected by a hardcoded credentials authentication bypass in the web UI login handling. This enables network-adjacent attackers to bypass authentication without user interaction. The vulnerability scores high (CVSSv3.1: AV=A, AC:L, ...

CVE-2023-32145 D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability

D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2024-20378

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management...

Cisco Identity Services Engine XSRF (cisco-sa-ise-csrf-NfAKXrp5)

According to its self-reported version, Cisco Identity Services Engine Cross-Site Request Forgery is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site...

CVE-2024-20310

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against an authenticated user of the interface. This vulnerability exists because t...

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVE-2024-20281

A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...

CVE-2024-20334

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against an authenticated user of the interface. This vulnerability exists because t...

CVE-2024-20333

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An...

Cisco Catalyst Center Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An...

Cisco Small Business Buffer Overflow Vulnerability (CNVD-2024-37606)

Cisco Small Business is a switch from the American company Cisco Cisco. Cisco Small Business suffers from a buffer overflow vulnerability that stems from insufficient validation of user-supplied input in the web-based user interface, which can be exploited by an authenticated, remote attacker to...

CVE-2024-20346

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of...

Buffer overflow

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

CVE-2024-20346

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of...