In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose cred
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device.
This vulnerability is du
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an
unauthorized user without permission rights has physical access to the EPAS-UI computer and is a
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerabi
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an une
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an une
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an une
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack.
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination wi
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected s
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific conf
An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users compone
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack agains
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted req
Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the
Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as ac
There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to pri
← Previous Page 5