418 matches found
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2019-20458
An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device, leaving a number of devices without a password. In this case, anyone connecting to the we...
PublicCMS Code Issue Vulnerability
PublicCMS is an open source content management system (CMS) written in Java by PublicCMS China. A security vulnerability exists in PublicCMS version v4.0.202406, which originates from the /cms/CmsWebFileAdminController.java component that allows the upload of specially crafted svg or xml...
STEALTHONE Multiple Products OS Command Injection Vulnerability
The STEALTHONE D220 is a network storage server from STEALTHONE. An operating system command injection vulnerability exists in various STEALTHONE products, which can be exploited to execute arbitrary OS commands by a user with administrative privileges who can log in to the web administration pag...
STEALTHONE Multiple Products SQL Injection Vulnerability
STEALTHONE D220 and others are network storage servers from STEALTHONE. A SQL injection vulnerability exists in various STEALTHONE products, where an attacker with access to the affected products could obtain the administrative password for the web administration page. The following products are...
PT-2024-35169 · Sftpgo · Sftpgo
Name of the Vulnerable Software and Affected Versions: SFTPGo versions prior to 2.6.3 Description: SFTPGo has a feature that allows the EventManager to execute scripts or run applications in response to certain events. However, any SFTPGo administrator with permission to run a script has access t...
CVE-2024-51721
CVE-2024-51721: A code injection vulnerability affects the SecuSUITE Server Web Administration Portal in SecuSUITE versions up to 5.0.420. The issue allows an attacker to inject script commands or other executable content that would run with root privileges. Affected component is the Web Adminis...
PT-2024-10734 · Epson · Epson Expression Home Xp255
Name of the Vulnerable Software and Affected Versions: Epson Expression Home XP255 version 20.08.FM10I8 Description: An issue was discovered where the device comes without a password and the user is not prompted to set one up, allowing anyone to access the web admin panel and become admin without...
CVE-2019-20458
CVE-2019-20458 affects Epson Expression Home XP255 (version 20.08.FM10I8). The root cause is that the device ships with no password and does not prompt the user to set one, enabling anyone who can reach the web admin panel to gain admin privileges. Public sources corroborate that this results in ...
RHSA-2023:1486 Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update
Bulletin has no description...
RHSA-2022:1628 Red Hat Security Advisory: web-admin-build security update
Bulletin has no description...
RHSA-2020:5599 Red Hat Security Advisory: web-admin-build security and bug fix update
Bulletin has no description...
Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Directory (CVE-2022-32753, CVE-2022-32756, CVE-2022-32754)
Summary: Security vulnerabilities discovered in the Web Admin Tool provided by IBM Security Verify Directory products have been resolved. Vulnerability Details: CVEID: CVE-2022-32753. DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an...
Cisco Unified Communications Manager Security Vulnerability
Cisco Unified Communications Manager is a call processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists in Cisco Unified...
SFTPGo Security Vulnerabilities
SFTPGo is a full-featured and highly configurable SFTP server by Nicola Murino, an individual developer in Italy. A security vulnerability exists in SFTPGo versions v2.2.0 through v2.6.1, which stems from the SFTPGo WebAdmin and WebClient support for password reset, which, if enabled, allows even...
PHOENIX CONTACT CHARX SEC-3000 Security Vulnerability
PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in PHOENIX CONTACT CHARX SEC-3000 version 1.5.1 and earlier, in which an unauthenticated, remote attacker can extract session tokens via a MitM attack...
Openmediavault Remote Code Execution / Local Privilege Escalation Exploit
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...