16 matches found
CVE-2021-20109
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...
Cisco Nexus Dashboard Security Vulnerability
Cisco Nexus Dashboard is a single console from Cisco (United States). It can simplify the operation and management of data center networks. Cisco Nexus Dashboard has a cross-site request forgery vulnerability that originates from a web application that does not adequately validate that a reque...
CVE-2022-20893
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CloudBees Jenkins LTS Cross-Site Scripting Vulnerability (CNVD-2020-43170)
CloudBees Jenkins Hudson Labs is a Java-based continuous integration tool from CloudBees (United States). The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-52030)
Mattermost Server is an open source messaging platform from Mattermost (United States). A cross-site scripting vulnerability exists in Mattermost Server versions prior to 4.0.0, prior to 3.10.2, and prior to 3.9.2. The vulnerability stems from a lack of proper validation of client data...
NETGEAR R8500 and R8300 Cross-Site Request Forgery Vulnerability
The NETGEAR R8500 and NETGEAR R8300 are both wireless routers from NETGEAR. A cross-site request forgery vulnerability exists in the NETGEAR R8300 prior to version 1.0.2.94 and the R8500 prior to version 1.0.2.94, which stems from a web application that does not adequately validate that a request...
Matrix42 Workspace Management Cross-Site Scripting Vulnerability (CNVD-2020-33078)
Matrix42 Workspace Management is a suite of workspace management software from Matrix42 Germany that combines the multiple functions of Unified Endpoint Management (UEM), Software Asset Management (SAM), Automated Endpoint Security (AES), and Service Management (ITSM) to support the compliant management ...
Tenda D301 Cross-Site Scripting Vulnerability
Tenda D301 is a wireless router from Tenda China. A cross-site scripting vulnerability exists in Tenda D301 v2. The vulnerability stems from the lack of proper validation of client data by a web application. An attacker can exploit this vulnerability to execute client-side code...
Nortek Security & Control Linear eMerge E3-Series Cross-Site Request Forgery Vulnerability
The Nortek Security & Control Linear eMerge E3-Series is an access control system from Nortek Security & Control, USA. A cross-site request forgery vulnerability exists in the Nortek Security & Control Linear eMerge E3-Series, which arises from a web application that does not adequately validate...
Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Cross-Site Request Forgery Vulnerability (CNVD-2019-16260)
Schneider Electric 1st Gen Pelco Sarix Enhanced Camera and Schneider Electric Spectra Enhanced PTZ Camera are products of Schneider Electric, France. The Schneider Electric 1st Gen Pelco Sarix Enhanced Camera is a series of fixed IP cameras and the Schneider Electric Spectra Enhanced PTZ Camera i...
Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Cross-Site Request Forgery Vulnerability
Schneider Electric 1st Gen Pelco Sarix Enhanced Camera and Schneider Electric Spectra Enhanced PTZ Camera are products of Schneider Electric, France. The Schneider Electric 1st Gen Pelco Sarix Enhanced Camera is a series of fixed IP cameras and the Schneider Electric Spectra Enhanced PTZ Camera i...
HP 2620 Series Network Switches Cross-Site Request Forgery Vulnerability
HP 2620 Series Network Switches is a series of switches from Hewlett-Packard (HP) in the United States. This series of switches supports IPv4/IPv6 static and RIP routing features. A cross-site request forgery vulnerability exists in the HP 2620 Series Network Switches due to the program failin...
FortiAnalyzer & FortiManager - CS Cross Site Vulnerability
Document Title: FortiAnalyzer & FortiManager - CS Cross Site Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1686 Fortinet PSIRT ID: 1624489 Bulletin:...
Barracuda Networks Message Archiver 650 XSS
Document Title: Barracuda Networks Bug Bounty 38 Message Archiver - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1108 Barracuda Networks Security ID (BNSEC): BNSEC-1530. Release Date: 2016-01-08...
Paypal MOS API - Bypass & Persistent XML Vulnerability
Document Title: Paypal MOS API - Bypass & Persistent XML Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1129 PayPal Security UID: TM13a2uL. Release Date: 2014-10-14. Vulnerability Laboratory ID (VL-ID):...
PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks
The Microsoft .NET framework comes with a request validation feature, configurable by the ValidateRequest setting. ValidateRequest has been a feature of ASP.NET since version 1.1. This feature consists of a series of filters, designed to prevent class...