CVE-2020-11549

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting...

CVE-2020-11549

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting...

CVE-2020-12677

An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...

CVE-2020-12677

An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...

Design/Logic Flaw

An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...

CVE-2020-12677

An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...

CVE-2020-12677

CVE-2020-12677 affects Progress MOVEit Automation Web Admin. An endpoint fails to sanitize input, enabling XSS that could let an unauthenticated attacker execute arbitrary code in a victim’s browser. Affected versions include 2018.0 before 2018.0.3; 2018 SP1–SP2 before 2018.2.3–2018.3.7; 2019.0 b...

CVE-2020-8511

In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500...

CVE-2020-8511

In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500...

CVE-2019-19225

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns1 POST request...

PT-2020-10101 · D Link · Dsl-2680

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2680 version EU 1.03 Description: A Stored XSS issue in the web administration interface allows an authenticated attacker to inject arbitrary JavaScript code into the administration page by sending a crafted "Forms/wireless...

CVE-2020-8500

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

CVE-2020-8500

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

CVE-2020-8500

CVE-2020-8500 affects Artica Pandora FMS 7.42. Web Admin users can execute arbitrary code by uploading a PHP file through the Updater or Extension component. The root cause is tied to file upload handling that allows code execution on the host. The vendor notes this behavior as intended functiona...

CVE-2020-8500

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...

CVE-2020-8500

DISPUTED In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. Recent assessments: J3rryBl4nks at March 03, 2020 7:47pm UTC reported: Due to the fact tha...

PT-2020-20179 · Artica · Artica Pandora Fms

Name of the Vulnerable Software and Affected Versions: Artica Pandora FMS version 7.42 Description: The issue allows Web Admin users to execute arbitrary code by uploading a .php file via the Updater or Extension component. However, the vendor reports that this functionality is intended...

Netsweeper Path Traversal Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. A path traversal vulnerability exists in the webadmin/reporter/viewserverlog.php file in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. The vulnerability stems from a...

CVE-2020-7470

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...

CVE-2020-7470

Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field after a successful login with the Web Admin Password...