| Publications: |
|---|
| CVE-2023-88888: A Stored Cross-Site Scripting (XSS) in the web management portal of Polycom Trio 8800 allows attackers to inject arbitrary javascript code and compromise the administrator account. |
| CVE-2022-37719: A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus v4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
| CVE-2022-37718: The network management component of JetNexus/EdgeNexus v4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
| CVE-2022-24237: The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. |
| CVE-2022-24236: An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts. |
| CVE-2022-24235: A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
| CVE-2020-88888: A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. |