CVE-2023-3704

The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful...

PT-2023-25955 · Unknown · Edgeconnect Sd-Wan Orchestrator

Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful...

CVE-2023-20211

CVE-2023-20211 affects Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). A vulnerability arises from improper validation of user-supplied input in the web-based management interface, enabling an authenticated remote attacker to perform S...

CVE-2023-20203

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device...

CVE-2023-20205

Cisco CVE-2023-20205 covers multiple stored XSS vulnerabilities in the web-based management interfaces of Cisco Prime Infrastructure and Cisco EPNM. Root cause: insufficient validation of user-supplied input in the interface, exploitable when an authenticated user with valid credentials views a c...

CVE-2023-20228

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

CVE-2023-20242

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified CM Session Management Edition Unified CM SME, and Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to...

CVE-2023-20111

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...

Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. The...

CVE-2023-20181

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...

Checkpoint Gaia Portal R81.10 Remote Command Execution

========================= Exploit Title: Hostname injection leads to Remote Code Execution RCE Authenticated Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198 Tested Version: R81.10 take 335 Advisory Publication: July 27,...

Default credentials

A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system. This vulnerability is due to...

CVE-2023-20120 Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance ESA; and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance WSA, could allow a remote...

Moxa MXsecurity Series Hardcoded JWT Key Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the web-based interface. The issue results from a...

Input validation

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVE-2023-20110 Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validat...

CVE-2023-20189 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVE-2023-20159 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

Design/Logic Flaw

This vulnerability exists in Milesight 4K/H.265 Series NVR models MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC, due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a...

CVE-2023-20127

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...