CVE-2013-4859

INSTEON Hub 2242-222 lacks Web and API authentication...

CVE-2013-4859

The CVE-2013-4859 entry refers to INSTEON Hub 2242-222 that suffers a lack of Web and API authentication. The vulnerability targets the Hub’s web/API interfaces, enabling unauthorized access when the device is exposed to the Internet (e.g., via port forwarding). The base information indicates a h...

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

The vulnerability of the mydlink web interface of D-Link routers allows a hacker to obtain DNS query logs and user login logs.

The vulnerability of the D-Link microprogrammed router’s web interface function “mydlink” is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain DNS query logs and user login logs by sending specially crafted...

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-81...

pfSense Access Restriction Bypass Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in version 2.4.41 of pfSense, which stems from the program blocking the source IP address based on SSH authentication failures and HTTPS authentication failures that do not match. An attacker could explo...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:2890-1)

This update for MozillaFirefox to ESR 60.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visited,...

DEBIAN-CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2)

This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visite...

CVE-2018-19076

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)

This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. New browser engine with speed improvements Redesigned graphical user interface elements Unified address and search bar for new installations New tab page listing top visite...

CVE-2017-12574

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

Hardcoded credentials

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

CVE-2017-12574

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

ClearScada Vulnerabilities (Update A)

Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability Cross-site Scripting Vulnerabilities Insecure Web Authentication. Affected Products The...

Central Web Authentication ACL Bypass Vulnerability in Multiple Cisco Devices

Cisco Aironet 1560 Series Access Points and others are different families of wireless access point devices from Cisco, Inc.Central Web Authentication CWA with FlexConnect Access Points APs is one of the a component for configuring Central Web Authentication using wireless access points. A securit...

Multiple Cisco products certified to bypass the vulnerability

Cisco Aironet Access Points, IOS Software, and Wireless LAN Controller are products of Cisco Corporation.Cisco Aironet Access Points and Cisco Wireless LAN Controller are a set of wireless access point devices. Cisco Aironet Access Points and Cisco Wireless LAN Controller are a set of wireless...

CVE-2018-0250

A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...

CVE-2018-0247

A vulnerability in Web Authentication WebAuth clients for the Cisco Wireless LAN Controller WLC and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of...

Authentication flaw

A vulnerability in Central Web Authentication CWA with FlexConnect Access Points APs for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list ACL. The vulnerability is du...