90 matches found
CVE-2025-30184
Summary (CVE-2025-30184) CyberData 011209 Intercom is vulnerable to an unauthenticated access to the Web Interface via an alternate path. Public disclosures across NVD, Red Hat, CNNVD, CVE list, and PT Security confirm an authentication bypass/vector against the Intercom’s web interface, with CVS...
PT-2025-24570 · Cyberdata · Cyberdata 011209 Intercom
Name of the Vulnerable Software and Affected Versions: CyberData 011209 Intercom affected versions not specified Description: The issue allows an unauthenticated user to access the Web Interface through an alternate path. Recommendations: At the moment, there is no information about a newer versi...
CVE-2025-0325
CVE-2025-0325 affects Axis devices with the Guard Tour VAPIX API. The vulnerability arises from a parameter that allows arbitrary values and can be invoked inappropriately, enabling an attacker to block access to the guard tour configuration page in the Axis device web interface. The primary impa...
CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...
CVE-2022-29879
A vulnerability has been identified in SICAM T All versions V3.0. The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information...
CVE-2017-18373
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a...
The vulnerability of the HTTP server in the Mini_http integrated software for Netgear DGND3700 routers allows a hacker to bypass existing security restrictions and gain unauthorized access to the device’s web interface.
The vulnerability of the HTTP server in the Minihttp embedded software of Netgear DGND3700 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to the device’s...
CVE-2024-8893
Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1...
CVE-2024-22045
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.1 SP1. The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also...
CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...
CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...
Image Access Scan2Net 安全漏洞
Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from improper cleaning of the HTTP GET parameter data, which allows an attacker to acce...
CVE-2020-11918
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file...
Jenkins Plugin Credentials 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application software. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software plugin ... A security...
CVE-2024-8887
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service DoS attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow...
CVE-2024-6173
CVE-2024-6173 concerns Axis OS: a Guard Tour VAPIX API parameter allows arbitrary values, enabling an attacker to block access to the guard tour configuration page in the Axis web interface. Reported by AXIS OS Bug Bounty participant, the flaw’s impact is described as blocking access (availabilit...
CVE-2024-5911
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which...
CVE-2024-37040
CWE-120: Buffer Copy without Checking Size of Input ‘Classic Buffer Overflow’ vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request...
Schneider Electric SAGE RTUs Security Vulnerability
Schneider Electric SAGE RTUs is a high-performance device for industrial automation and remote monitoring from Schneider Electric France. A security vulnerability exists in the Schneider Electric SAGE RTUs that stems from the presence of incorrect default permissions that allow authenticated user...
PT-2024-11661 · Ibm · Ibm Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.2 PL5 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...