Lucene search
K

3068 matches found

CVE
CVE
added 2020/03/15 10:3 p.m.52 views

CVE-2019-6696

CVE-2019-6696 is a FortiOS URL-redirect vulnerability caused by improper input validation on the admin webUI password-change page. Connected sources confirm it affects FortiOS 5.x (>=5.4.0), 6.x (prior to 6.0.9), and 6.2.x (prior to 6.2.2). The issue allows an attacker to perform an URL redire...

6.1CVSS6.2AI score0.00698EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/02/25 12:0 a.m.12 views

Cisco IOS WebUI Command Injection (CVE-2019-12651)

A command injection vulnerability exists in Cisco IOS XE WebUI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.2AI score0.02543EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2020/02/25 12:0 a.m.12 views

Cisco IOS XE WebUI Privileged Command Injection (CVE-2019-12650)

A command injection exists in the WebUI component of Cisco IOS XE. The vulnerability is due to insufficient input validation on form content submitted by a user via the WebUI.A remote, authenticated attacker with administrative access can exploit this vulnerability by sending a crafted HTTP reque...

9CVSS9.4AI score0.28948EPSS
Exploits0
Fortinet
Fortinet
added 2020/02/18 12:0 a.m.62 views

Protect

An improper input validation vulnerability in FortiOS admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage...

5.8CVSS6.2AI score0.00698EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2020/02/14 12:0 a.m.55 views

Unraid OS WebUI Missing Authentication

The script checks if the Web UI of Unraid OS is accessible without authentication. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.3AI score
Exploits0
CNVD
CNVD
added 2020/02/07 12:0 a.m.5 views

FortiManager Privilege Management Vulnerability

Fortinet FortiManager VM is a centralized network security management platform for virtual machines. FortiManager versions 5.2.1 and earlier, 5.0.10 and earlier, have a privilege management vulnerability in the WebUI FTP backup page implementation that can be exploited by an attacker to compromis...

9.8CVSS6.9AI score0.02202EPSS
Exploits0References1
NVD
NVD
added 2020/02/04 8:15 p.m.10 views

CVE-2015-3613

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page...

9.8CVSS9.5AI score0.02202EPSS
Exploits0References3
Prion
Prion
added 2020/02/04 8:15 p.m.16 views

Design/Logic Flaw

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page...

7.5CVSS7AI score0.02202EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/02/04 7:28 p.m.59 views

CVE-2015-3613

FortiManager VM and FortiManager appliances with versions 5.2.1 and earlier, and 5.0.10 and earlier, expose a privilege management vulnerability in the WebUI FTP backup page. The issue, confirmed by multiple sources, can be exploited to compromise confidentiality, integrity, and availability of t...

9.8CVSS9.3AI score0.02202EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/01/26 5:15 a.m.23 views

CVE-2019-12629

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...

9CVSS6AI score0.02453EPSS
Exploits0References1
Prion
Prion
added 2020/01/26 5:15 a.m.18 views

Input validation

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...

9CVSS7.2AI score0.02453EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/26 4:25 a.m.27 views

CVE-2019-12629 Cisco SD-WAN vManage Command Injection Vulnerability

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...

4.7CVSS7.3AI score0.02453EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/01/26 4:25 a.m.8 views

CVE-2019-12629 Cisco SD-WAN vManage Command Injection Vulnerability

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in t...

4.7CVSS7.6AI score0.02453EPSS
Exploits0References1
CVE
CVE
added 2020/01/26 4:25 a.m.132 views

CVE-2019-12629

The CVE-2019-12629 issue pertains to Cisco SD-WAN vManage WebUI. Affected component: WebUI of Cisco SD-WAN Solution; root cause: insufficient input validation of data parameters in login-related fields. Exploitation: an authenticated remote attacker can configure a malicious username on the login...

9CVSS6.2AI score0.02453EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/01/23 6:15 p.m.20 views

CVE-2019-15712

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for...

7.2CVSS7AI score0.00999EPSS
Exploits0References1
NVD
NVD
added 2020/01/23 6:15 p.m.29 views

CVE-2019-15707

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for...

4.9CVSS5.1AI score0.01211EPSS
Exploits0References1
Prion
Prion
added 2020/01/23 6:15 p.m.15 views

Improper access control

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for...

4CVSS5.1AI score0.01211EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/01/23 6:15 p.m.19 views

Improper access control

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for...

6.5CVSS6.9AI score0.00999EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/01/23 5:47 p.m.10 views

CVE-2019-15707

An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for...

6.9AI score0.01211EPSS
Exploits0References1
CVE
CVE
added 2020/01/23 5:47 p.m.72 views

CVE-2019-15707

CVE-2019-15707 concerns FortiMail admin webUI vulnerabilities: improper access control in FortiMail versions 6.2.0, 6.0.0–6.0.6, and 5.4.10 and earlier, enabling administrators to download system backup configurations they should not be authorized to access. Public references include Fortinet FG-...

4.9CVSS5.6AI score0.01211EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder