406 matches found
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...
CVE-2020-13947
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0...
CVE-2020-17504
The NDN-210 has a web administration panel which is made available over HTTPS. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the HTTP parameters...
CVE-2020-17502
Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over HTTPS. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...
CVE-2020-17503
CVE-2020-17503 affects Barco NDN-210 (TransForm N) via a command injection in split_card_cmd.php. The vulnerability allows authenticated users to perform remote code execution over the web admin panel due to improper handling of the http parameter "locking". Affected product is Barco TransForm N;...
RHEL 7 : web-admin-build (RHSA-2020:5599)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5599 advisory. Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data...
Important: Red Hat Security Advisory: web-admin-build security and bug fix update
Updated web-admin-build packages that fix one bug are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
phpRedisAdmin Cross-Site Scripting Vulnerability
phpRedisAdmin is a web administration page for managing Redis for individual developers. A cross-site scripting vulnerability exists in phpRedisAdmin versions prior to 1.13.2, which stems from the login.php username parameter allowing XSS. No detailed vulnerability details are available at this ti...
CVE-2020-24246
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...
Design/Logic Flaw
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...
PT-2020-6848 · Sophos · Sophos Sg Utm
Name of the Vulnerable Software and Affected Versions: Sophos SG UTM versions prior to v9.705 MR5; Sophos SG UTM versions prior to v9.607 MR7; Sophos SG UTM versions prior to v9.511 MR11. Description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. The vulnerability is...
CVE-2020-15059
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter...
CVE-2020-15063
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter...
CVE-2020-15055
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter...
Command injection
A denial of service vulnerability exists in Pulse Connect Secure 9.1R8 that allows an authenticated attacker to perform command injection via the administrator web interface, which can cause DoS...
The vulnerability in the web-based administration interface of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 allows a malicious actor to cause device malfunctions or execute arbitrary code with root privileges.
The vulnerability in the web-based administration interface of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042, and Cisco Small Business RV082 arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerabili...
Vulnerability in Trust Management Issues in Multiple NETGEAR Products (CNVD-2020-33660)
NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are wireless WiFi devices from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi A trust management...