47 matches found
CVE-2024-28025
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-48419
Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...
EUVD-2024-18165
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges...
The vulnerability of the newcli.php web interface of the Ruijie EG-2000SE software firewall allows a perpetrator to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of the newcli.php web interface of the Ruijie EG-2000SE software gateway lies in the lack of measures taken to neutralize the special elements used in commands. Exploiting this vulnerability can allow an attacker, operating remotely, to enhance their privileges and gain...
PT-2023-27962 · Frauscher Sensortechnik Gmbh · Fds101
Name of the Vulnerable Software and Affected Versions: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi versions 1.4.24 and all previous versions Description: The issue allows a remote attacker to read all files on the filesystem of the FDS101 device by exploiting a path traversal vulnerability...
PT-2023-28742 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable due to its usage of Libcurl with known vulnerabilities in LSA. Recommendations: At the moment, there is no...
CVE-2023-20134
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this adviso...
CVE-2023-20131 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...
Vulnerabilities fixed in Aruba Clearpass Policy Manager
Aruba Networks has fixed vulnerabilities in Clearpass Policy Manager. The vulnerabilities are located in the web-based management interface of CPPM and allow a malicious person to access gain access to sensitive data, execute arbitrary code on the underlying system or, through a chain of actions,...
CVE-2022-20936
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20812
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
PT-2022-1785 · Cisco · Cisco Telepresence Video Communication Server +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and web-based management interfaces of the affected devices...
Cross site scripting
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
PT-2021-4959 · Cisco · Cisco Catalyst Pon Series Switches Ont
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Passive Optical Network PON Series Switches Optical Network Terminal ONT affected versions not specified Description: The issue is related to multiple vulnerabilities in the web-based management interface of the Cisco Catalyst...
CVE-2021-1542
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting XSS attac...
CVE-2021-1250
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow a remote attacker with network-operator privileges to conduct a cross-site scripting XSS attack or a reflected file download RFD attack against a user of the interface. For more...
CVE-2021-1186
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...
CVE-2021-1161
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...
CVE-2021-1171
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...
Pulse Connect Secure Multiple Vulnerabilities (SA44101)
According to its self-reported version, the version of Pulse Connect Secure running on the remote host is affected by multiple vulnerabilities. - An arbitrary file read vulnerability exists in PCS. An unauthenticated, remote attacker can exploit this, via specially crafted URI, to read arbitrary...