Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

CVE-2022-24262: News - VoIPmonitor

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.

CVE
Open in Source
#sql#xss#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#apache#memcached#js#git#java
CVE-2021-24900: WordPress Ninja Tables 4.1.7 Cross Site Scripting ≈ Packet Storm

The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CVE-2021-44385: TALOS-2021-1421 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-44419: TALOS-2021-1421 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-40406: TALOS-2021-1423 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-40414: TALOS-2021-1425 || Cisco Talos Intelligence Group

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters.

CVE-2021-40389: TALOS-2021-1400 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40388: TALOS-2021-1399 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-40396: TALOS-2021-1408 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-21236: TALOS-2022-1446 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.