Publications: |
---|
CVE-2023-24282: A Stored Cross-Site Scripting (XSS) in the web management portal of Polycom Trio 8800 allows attackers to inject arbitrary javascript code and compromise the administrator account. |
CVE-2022-37719: A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus v4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
CVE-2022-37718: The network management component of JetNexus/EdgeNexus v4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
CVE-2022-24237: The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
CVE-2022-24236: An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts. |
CVE-2022-24235: A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
CVE-2020-24384: A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected. |