90 matches found
CVE-2024-2433
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interfa...
GL.iNet Router Security Vulnerability
GL.iNet Router is a series of routers from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet Router 4.x firmware version, which originated from a vulnerability that allows an attacker to bypass authentication and gain access to the router's web interface...
Vulnerabilities fixed in Cisco products
Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights SQL Injection Access...
GLSA-202312-11 : SABnzbd: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202312-11 SABnzbd: Remote Code Execution - SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the...
CVE-2023-3638
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application...
PT-2023-5481 · Advantech · Eki-1522 +2
Name of the Vulnerable Software and Affected Versions: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the device name field of the...
Siemens SCALANCE W1750D Cryptographic Issues (CVE-2017-13099)
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ROBOT. This plugin only works with Tenable.ot...
CVE-2022-3089
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
PT-2023-16029 · Unknown · Control Id Panel +1
Name of the Vulnerable Software and Affected Versions: Control iD Gerencia Web version 1.30 Control iD Panel affected versions not specified Description: A vulnerability was found in the Web Interface component, where the manipulation of the Nome argument leads to cross-site scripting. The attack...
CVE-2022-36785 D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass.
D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains defaul...
PT-2022-5103 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: PAN-OS versions prior to 8.1.24 Description: The issue is related to an authentication bypass vulnerability in the web interface of PAN-OS, which allows a network-based attacker with specific knowledge of the target firewall or Panorama...
PT-2022-6448 · Fortinet · Fortinac
Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to an improper neutralization of input...
多款Cisco产品安全漏洞
Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software are both products of Cisco, Inc. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides highly secure access to data and network resources, among other...
TotoLink EX300 访问控制错误漏洞
TOTOLINK EX300 is a 300 Mbps wireless N range extender from TotoLink, China, and TOTOLINK EX1200T is a Wi-Fi range extender from Gion Electronics TOTOLINK, China.An access control error vulnerability exists in TOTOLINK EX300v2 and EX1200T. The vulnerability stems from the fact that the device web...
Siemens Reyrolle Improper Authentication (CVE-2016-7114)
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01;Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104 f...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
SolarWinds N-Central 信任管理问题漏洞
SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...
SQL Injection Vulnerability in Multiple Honeywell Products
Honeywell Maxpro VMS & NVR is a Honeywell security solution. A SQL injection vulnerability exists in multiple Honeywell products, which can be exploited by attackers to gain unauthorized access to the web user interface...
GitLab Authorization Issues Vulnerability (CNVD-2020-20442)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...
Moxa OnCell G3100-HSPA Security Bypass Vulnerability
Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security vulnerability exists in Moxa OnCell G3100-HSPA 1.4 Build 16062919 and earlier versions. The vulnerability can be exploited by an attacker to bypass authentication and access the web...