Gespage 7.4.8 SQL Injection

CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection Stacked Queries -...

CVE-2017-5261

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users...

TIBCO BusinessWorks Process Monitor Integration Matters nJAMS Cross-Site Scripting Vulnerability

TIBCO BusinessWorks Process Monitor is a process monitor for the BusinessWorks platform from TIBCO Software, Inc. Integration Matters nJAMS is one of the business process monitoring components used in it. A cross-site scripting vulnerability exists in TIBCO BusinessWorks Process Monitor 3.0.1.3 a...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-36401)

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

CVE-2014-9118

CVE-2014-9118 affects Zhone zNID GPON 2426A (and related 24xx/42xx/26xx/28xx series) prior to S3.0.501. The issue is a command-injection vulnerability in the web admin portal: remote attackers can execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Root cau...

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Cisco Meeting Server Denial of Service Vulnerability (CNVD-2017-32492)

Cisco Meeting Server formerly known as Acano Conferencing Server, CMS is the United States of America Cisco Cisco company's set of audio and video conferencing server software.Web Admin Interface is one of the Web login interface. A denial of service vulnerability exists in the Web Admin Interfac...

CVE-2017-12264

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

Design/Logic Flaw

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

CVE-2017-12264

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by...

Netsweeper Authentication Bypass Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x prior to 4.0.9 and 4.1.x prior to 4.1.2. A remote attacker can exploit this vulnerability by sending the 'ip' parameter to the...

XenMobile is unable to identify the group membership of users

Although XenMobile can find both user objects and group objects in Active Directory, XenMobile is unable to enumerate the group membership of user objects. This can result in no MAM resources being deployed unless they are bound to the 'All Users' Delivery Group. You may also find that resources...

Peplink Balance Routers Web Admin Detection

Detection of Peplink Balance Routers Web Admin. The script sends a connection request to the server and attempts to detect the Web Admin Interface of Peplink Balance Routers. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

PT-2017-8968 · Red Hat · Red Hat Enterprise Virtualization Manager

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager RHEV-M version 4.0 Description: The issue allows physically proximate attackers to bypass a webadmin session timeout restriction. This is achieved via vectors related to UI selections, which trigger...

D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow (CVE-2017-3193 )

The affected service is the management web, in the cgibin file located within the htdocs folder on the router filesystem. The vulnerability is a Stack-Based Buffer Overflow, caused by a non-controlled use of the strcat function that allows an overwrite of the PC, and thus the execution flow of th...

CVE-2017-5998

Cross-site scripting XSS vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the strlogname parameter in a "Web Admin Portal Log Configuration Add" action...

CVE-2017-5998

Cross-site scripting XSS vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the strlogname parameter in a "Web Admin Portal Log Configuration Add" action...