| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. |
| Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. |
| Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. |
| Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. |
| Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. |
| ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field. |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi. |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history. |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi. |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi. |
| ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled. |
| Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference. |
| Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions. |
| Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code. |
