CVE-2019-15654: Trustwave Security Advisories
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn’t require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.
Spending each day immersed in penetration tests and research into the latest threats, our SpiderLabs® experts occasionally discover new vulnerabilities as a part of their work. When that happens, we follow our established disclosure policy which results in published advisories such as these.
Latest Advisory
TWSL2023-002: Input validation Vulnerability in CRUSHFTP
Feb 02, 2023 - CrushFTP is a powerful file server supporting standard secure file transfer protocols.
Advisory Archive
| Advisory | Title | Date |
|---|---|---|
| TWSL2023-001 | Capture-Replay Vulnerability in Sinilink Wifi Remote Thermostat | Jan 20, 2023 |
| TWSL2022-003 | Vulnerabilities in Canon Medical Vitrea View | Sep 29, 2022 |
| TWSL2022-002 | Multiple Vulnerabilities in Oracle Communications Session Border Controller (SBC) | Aug 23, 2022 |
| TWSL2022-001 | Authentication Bypass by Capture-replay in DingTian 2 Channel Relay Board/Relay Card | Jul 12, 2022 |
| TWSL2021-019 | Privilege Escalation in CrypKey License Software Licensing System | Nov 04, 2021 |
| TWSL2021-018 | Authenticated Stored XSS in WordPress Plugin Age Gate | Oct 06, 2021 |
| TWSL2021-017 | Multiple Authenticated Stored XSS in WordPress Plugin Inline Related Posts | Oct 06, 2021 |
| TWSL2021-016 | Stored XSS in WordPress Plugin Timetable and Event Schedule by MotoPress | Aug 31, 2021 |
| TWSL2021-015 | CSRF Vulnerability in WordPress Plugin Comment Link Remove and Other Comment Tools | Aug 20, 2021 |
| TWSL2021-014 | Authenticated SQL Injection in WordPress Plugin WP Simple Booking Calendar | Aug 06, 2021 |
| TWSL2021-013 | Authenticated SQL Injection in WordPress Plugin Stop Bad Bots | Aug 06, 2021 |
| TWSL2021-012 | Vulnerabilities in WordPress Plugin Membership & Content Restriction - Paid Member Subscriptions | Aug 06, 2021 |
| TWSL2021-011 | Privacy Issues in Telegram Self-Destruct Feature on macOS | Aug 05, 2021 |
| TWSL2021-010 | Remote File Access Vulnerability in ON24 ScreenShare Plugin for macOS | Jul 21, 2021 |
| TWSL2021-009 | Persistent Cross-Site Scripting in SolarWinds Serv-U FTP Server | Jul 06, 2021 |
| TWSL2021-008 | Code Execution Vulnerability in Huawei Mobile Broadband HL Service | Jun 02, 2021 |
| TWSL2021-007 | Multiple Vulnerabilities in AURALL REC MONITOR | Apr 22, 2021 |
| TWSL2021-006 | SQLi in WordPress Plugin Simple Membership | Apr 05, 2021 |
| TWSL2021-005 | Privilege Escalation Vulnerability in Umbraco | Apr 01, 2021 |
| TWSL2021-004 | Stored Authenticated XSS in WordPress Plugin Virtual Robots.txt | Mar 31, 2021 |
| TWSL2021-003 | Incorrect SSLv2 rollback protection Vulnerability in OpenSSL | Feb 18, 2021 |
| TWSL2021-002 | Weak ACLs Vulnerability in SolarWinds Serv-U FTP Server 15.2.1 on Windows | Feb 03, 2021 |
| TWSL2021-001 | Multiple Vulnerabilities in SolarWinds Orion | Feb 03, 2021 |
| TWSL2020-011 | Multiple Vulnerabilities in D-Link DSL-2888A | Dec 17, 2020 |
| TWSL2020-010 | Multiple Vulnerabilities in Magic Home Pro Mobile Application | Dec 15, 2020 |
| TWSL2020-009 | Multiple Cleartext Protocol Vulnerabilities in WinZip | Dec 10, 2020 |
| TWSL2020-008 | Lack of Access Control in GO SMS Pro | Nov 19, 2020 |
| TWSL2020-007 | Multiple Vulnerabilities in Modicon M221 controllers and EcoStruxure Machine Expert - Basic Programming Software | Nov 12, 2020 |
| TWSL2020-006 | Multiple Vulnerabilities in SAP Adaptive Server Enterprise | Sep 24, 2020 |
| TWSL2020-005 | Information Disclosure and Denial of Service Vulnerability in IBM Db2 | Aug 20, 2020 |
| TWSL2020-004 | Multiple Vulnerabilities in ASUS RT-AC1900P router | Jul 23, 2020 |
| TWSL2020-003 | Memory information leakage vulnerability in Cisco Webex Meetings Windows Client | Jun 18, 2020 |
| TWSL2020-002 | Multiple Vulnerabilities in SAP Adaptive Server Enterprise | Jun 02, 2020 |
| TWSL2020-001 | Multiple Vulnerabilities in Schneider Electric Products | May 07, 2020 |
| TWSL2019-010 | Multiple Vulnerabilities in SatLink VSAT Modem Units (vmu) | Nov 21, 2019 |
| TWSL2019-009 | Insufficiently Protected Credentials in Shelter Manager ASM 2 Series | Oct 25, 2019 |
| TWSL2019-008 | Vulnerabilities in D-Link Products | Sep 10, 2019 |
| TWSL2019-007 | Vulnerabilities in Comba Products | Sep 10, 2019 |
| TWSL2019-006 | Multiple Vulnerabilities in SanDisk SSD Dashboard | Jul 31, 2019 |
| TWSL2019-005 | Hardcoded credentials in Uniguest Kiosks | Jul 11, 2019 |
| TWSL2019-004 | Expression Injection Vulnerability in Qlik Products | Jun 04, 2019 |
| TWSL2019-003 | Multiple Vulnerabilities in Grandstream Products | Mar 21, 2019 |
| TWSL2019-002 | Vulnerabilities in SolarWinds Database Performance Analyzer | Mar 21, 2019 |
| TWSL2019-001 | OS Command Injection Vulnerabilities in LifeSize Products | Feb 07, 2019 |
| TWSL2018-012 | Kernel Buffer Overflow in IBM Trusteer Rapport | Dec 20, 2018 |
| TWSL2018-011 | Use after free vulnerability in QFX Software KeyScrambler | Oct 02, 2018 |
| TWSL2018-010 | Credential Leak Flaws in Windows PureVPN Client | Sep 27, 2018 |
| TWSL2018-009 | CVE-2018-16962: Webroot SecureAnywhere macOS Kernel Level Memory Corruption | Sep 13, 2018 |
| TWSL2018-008 | CVE-2018-8006 - Cross-Site Scripting (XSS) Vulnerability in Apache ActiveMQ | Aug 24, 2018 |
| TWSL2018-007 | CVE-2018-2892 - Kernel Level Privilege Escalation in Oracle Solaris | Jul 24, 2018 |
| TWSL2018-006 | Unpatched Remote Code Execution in Reprise License Manager | Jul 18, 2018 |
| TWSL2018-005 | Vulnerability in WD My Cloud personal cloud storage | Oct 29, 2018 |
| TWSL2018-004 | Vulnerabilities in NETGEAR Nighthawk X4S router (R7800) | Feb 07, 2018 |
| TWSL2018-003 | Vulnerabilities in NETGEAR R8500 router firmware | Feb 07, 2018 |
| TWSL2018-002 | Vulnerabilities in NETGEAR R8500 router firmware | Feb 07, 2018 |
| TWSL2018-001 | Multiple Vulnerabilities in WD My Cloud personal cloud storage | Feb 01, 2018 |
| TWSL2017-017 | Remote Unauthenticated DoS in Debut embedded httpd server used by Brother printers. | Nov 17, 2017 |
| TWSL2017-016 | Local kernel heap buffer overflow Vulnerability in ESET DESLock+ client application | Aug 15, 2017 |
| TWSL2017-015 | Multiple Vulnerabilities in ManageEngine Applications Manager | Aug 09, 2017 |
| TWSL2017-014 | Multiple Vulnerabilities in ManageEngine OpManager | Jul 26, 2017 |
| TWSL2017-013 | Multiple Authentication Bypass Vulnerabilities in ManageEngine Applications Manager | Jul 26, 2017 |
| TWSL2017-012 | Remote un-authenticated DoS in IPsec-Tools Racoon | Jul 09, 2017 |
| TWSL2017-011 | Lockscreen Lockout Bypass in Elephone P9000 Android Smartphone | Jun 28, 2017 |
| TWSL2017-010 | Multiple Vulnerabilities in Humax Routers | Jun 28, 2017 |
| TWSL2017-009 | Multiple Vulnerabilities in Avast Antivirus | Mar 31, 2017 |
| TWSL2017-008 | Unauthenticated Privilege Escalation Vulnerability in Serv-U FTP/MFT Server | Mar 22, 2017 |
| TWSL2017-007 | Undocumented Backdoor Account in DBLTek GoIP | Mar 02, 2017 |
| TWSL2017-006 | Multiple Vulnerabilities in Polystar Jupiter | Feb 22, 2017 |
| TWSL2017-005 | Improper Input Validation Vulnerability in SAP Adaptive Server Enterprise | Feb 13, 2017 |
| TWSL2017-004 | Unauthenticated Backdoor Access in Unanet | Feb 08, 2017 |
| TWSL2017-003 | Multiple Vulnerabilities in NETGEAR Routers | Jan 30, 2017 |
| TWSL2017-002 | Multiple Vulnerabilities in McAfee Security Scan Plus | Jan 23, 2017 |
| TWSL2017-001 | Multiple Vulnerabilities in Digitech Systems PaperVision Enterprise | Jan 11, 2017 |
| TWSL2016-021 | Plugin authentication by-pass Vulnerability in Microsoft Skype for Mac OS-X | Dec 13, 2016 |
| TWSL2016-020 | Buffer Overflow Vulnerability in B Labs Bopup Communication Server | Nov 03, 2016 |
| TWSL2016-019 | Multiple XSS Vulnerabilities in Zeuscart | Sep 21, 2016 |
| TWSL2016-018 | Multiple Persistent XSS Vulnerabilities in D-Link DSL-2740E ADSL Router | Sep 16, 2016 |
| TWSL2016-017 | SQL Injection Vulnerability in SAP Adaptive Server Enterprise | Sep 16, 2016 |
| TWSL2016-016 | Multiple Vulnerabilities in Opsview Monitor Pro | Sep 01, 2016 |
| TWSL2016-015 | Password Disclosure Vulnerability in Cisco Connected Streaming Analytics | Aug 11, 2016 |
| TWSL2016-014 | Vulnerabilities in ComfortLink™ II XL850 | Aug 11, 2016 |
| TWSL2016-013 | Unrestricted File Creation vulnerability in SAP Adaptive Server Enterprise | Aug 02, 2016 |
| TWSL2016-012 | Multiple Vulnerabilities in Lenovo Solution Center | Jun 23, 2016 |
| TWSL2016-011 | Multiple Vulnerabilities in Oracle GlassFish Server Open Source Edition 3.0.1 | Jun 08, 2016 |
| TWSL2016-010 | Information Disclosure vulnerability in SAP ASE Installer | May 26, 2016 |
| TWSL2016-009 | Privilege Escalation Vulnerability in Lenovo Solution Center | May 11, 2016 |
| TWSL2016-008 | SQL injection vulnerability in SAP ASE | May 09, 2016 |
| TWSL2016-007 | Multiple Vulnerabilities in Cacti | Apr 20, 2016 |
| TWSL2016-006 | Multiple Vulnerabilities in Zen Cart | Mar 25, 2016 |
| TWSL2016-005 | Vulnerabilities in DevArt dotConnect for Oracle | Mar 10, 2016 |
| TWSL2016-004 | Multiple Vulnerabilities in Magnolia CMS | Mar 09, 2016 |
| TWSL2016-003 | Unsafe unlinking of files in Sophos Antivirus | Mar 09, 2016 |
| TWSL2016-002 | Multiple Vulnerabilities in iNovah | Feb 18, 2016 |
| TWSL2016-001 | Multiple Vulnerabilities in Cisco Meraki | Jan 13, 2016 |
| TWSL2015-024 | Multiple Vulnerabilities in Proxmox Mail Gateway | Dec 30, 2015 |
| TWSL2015-023 | Missing authorization check in SAP Adaptive Server Enterprise | Dec 09, 2015 |
| TWSL2015-022 | Cross-Site Scripting in VMware Virtual Center Appliance (vCSA) Web Application Console | Nov 17, 2015 |
| TWSL2015-021 | Joomla SQL Injection Vulnerability | Oct 22, 2015 |
| TWSL2015-020 | Unauthenticated Local File Inclusion Vulnerability in Oracle Open Commerce Platform 3.4 | Oct 20, 2015 |
| TWSL2015-019 | Privilege escalation vulnerability in Oracle Database | Oct 20, 2015 |
| TWSL2015-018 | Service Privilege Elevation in Lenovo System Update 5 | Oct 15, 2015 |
| TWSL2015-017 | Reflected File Download in Red Hat Feedhenry | Oct 09, 2015 |
| TWSL2015-016 | Path Traversal in Oracle GlassFish Server Open Source Edition | Aug 27, 2015 |
| TWSL2015-015 | Multiple Vulnerabilities in SAP Adaptive Server Enterprise | Jul 17, 2015 |
| TWSL2015-014 | Account Probing Vulnerability in Oracle Database | Jul 15, 2015 |
| TWSL2015-013 | Buffer Overflow Vulnerability in Oracle MySQL | Jul 15, 2015 |
| TWSL2015-012 | XSS in Oracle Java Server Faces | Jul 15, 2015 |
| TWSL2015-011 | Vulnerability in the pam_unix module in Linux-PAM | Jun 26, 2015 |
| TWSL2015-010 | Reflected Cross-site Scripting Vulnerabilities in codeBeamer | Jun 09, 2015 |
| TWSL2015-009 | Request Hijacking Bypass Vulnerability In RubyGems | Jun 08, 2015 |
| TWSL2015-008 | Multiple Vulnerabilities in SAP Adaptive Server Enterprise | May 22, 2015 |
| TWSL2015-007 | Request Hijacking Vulnerability In RubyGems | May 18, 2015 |
| TWSL2015-006 | Multiple Vulnerabilities in QlikView | May 13, 2015 |
| TWSL2015-005 | Blind SQL injection in XpanceNET | Apr 24, 2015 |
| TWSL2015-004 | “Probe” login access vulnerability in SAP ASE | Apr 23, 2015 |
| TWSL2015-003 | Multiple Vulnerabilities in SAP Adaptive Server Enterprise | Mar 19, 2015 |
| TWSL2015-002 | Cross-Site Scripting in Magnolia CMS | Feb 12, 2015 |
| TWSL2015-001 | Multiple Vulnerabilities in IceWarp Mail Server | Feb 12, 2015 |
| TWSL2014-016 | Reflected Cross-Site Scripting Vulnerability in VMware Virtual Center Appliance (vCSA) Web Application Console | Dec 05, 2014 |
| TWSL2014-015 | Cross Site Scripting Vulnerability in Gizmox WebGui | Oct 29, 2014 |
| TWSL2014-014 | Multiple Vulnerabilities in Gerber WebPDM Product Data Management System | Oct 24, 2014 |
| TWSL2014-013 | Privilege Escalation Vulnerability and Potential Remote Code Execution in SAP Adaptive Server Enterprise | Sep 12, 2014 |
| TWSL2014-012 | Secure Desktop Protection Bypass in 1Password for Windows | Aug 05, 2014 |
| TWSL2014-011 | Secure Desktop Protection Bypass in Keepass | Aug 05, 2014 |
| TWSL2014-010 | Multiple Vulnerabilities in Wing FTP Server | Jul 02, 2014 |
| TWSL2014-009 | Multiple Vulnerabilities in BSS Company Software | Jul 01, 2014 |
| TWSL2014-008 | Cross Site Scripting Vulnerability in Cisco ASA | May 28, 2014 |
| TWSL2014-007 | Multiple Vulnerabilities in Y-Cam | May 01, 2014 |
| TWSL2014-006 | NetSupport Manager Information Disclosure Vulnerability | Apr 17, 2014 |
| TWSL2014-005 | VPN Privilege Escalation Vulnerability in Cisco ASA | Apr 09, 2014 |
| TWSL2014-004 | Information Disclosure in the BC Collected Information Export Extension for eZ Publish CMS | Mar 20, 2014 |
| TWSL2014-003 | Blind SQL Injection Vulnerability in Tableau Server | Jan 24, 2014 |
| TWSL2014-002 | Buffer Overflow Vulnerability in DaumGame ActiveX | Jan 06, 2014 |
| TWSL2014-001 | Multiple Vulnerabilities in Franklin Fueling’s TS-550 evo | Jan 03, 2014 |
| TWSL2013-034 | Path Traversal Vulnerability in WiFi HD Free | Nov 20, 2013 |
| TWSL2013-033 | Multiple Vulnerabilities in Easy File Manager | Nov 20, 2013 |
| TWSL2013-032 | Path Traversal Vulnerability in FTPDrive | Nov 20, 2013 |
| TWSL2013-031 | Information Disclosure Vulnerability in RiskNet Acquirer | Nov 07, 2013 |
| TWSL2013-030 | Multiple Vulnerabilities in Quixplorer | Nov 06, 2013 |
| TWSL2013-029 | Information Disclosure Vulnerability in QNAP Photo Station | Sep 27, 2013 |
| TWSL2013-028 | Persistent Denial of Service Vulnerability in Vino VNC Server | Sep 16, 2013 |
| TWSL2013-027 | Multiple Vulnerabilities in ajaXplorer | Sep 05, 2013 |
| TWSL2013-026 | Multiple Web Application Vulnerabilities in RockMongo | Aug 16, 2013 |
| TWSL2013-025 | Arbitrary File Upload Vulnerability in Official Nmap | Aug 02, 2013 |
| TWSL2013-024 | Cross Site Scripting (XSS) vulnerability in McAfee Superscan 4.0 | Aug 02, 2013 |
| TWSL2013-023 | Lack of Web and API Authentication Vulnerability in INSTEON Hub | Aug 01, 2013 |
| TWSL2013-022 | No Authentication Vulnerability in Radio Thermostat | Aug 01, 2013 |
| TWSL2013-021 | Multiple Vulnerabilities in Karotz Smart Rabbit | Aug 01, 2013 |
| TWSL2013-020 | Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet | Aug 01, 2013 |
| TWSL2013-018 | Multiple Vulnerabilities in OpenEMR | Jul 12, 2013 |
| TWSL2013-008 | Command Injection Vulnerabilities in Linksys Routers. | May 31, 2013 |
| TWSL2013-007 | Multiple Vulnerabilities in VLC Media Player - Web Interface. | Jun 10, 2013 |
| TWSL2013-006 | Cross-Site Scripting Vulnerability in Coldbox. | Jun 10, 2013 |
| TWSL2013-004 | Group Name Enumeration Vulnerability in Cisco IKE Implementation. | Apr 18, 2013 |
| TWSL2013-002 | Multiple XSS Vulnerabilities in The Bug Genie. | May 09, 2013 |
| TWSL2012-019 | Cross-Site Scripting Vulnerability in Support Incident Tracker | Aug 29, 2012 |
| TWSL2012-016 | Multiple Vulnerabilities in Bitweaver | Oct 23, 2012 |
| TWSL2012-014 | Multiple Vulnerabilities in Scrutinizer NetFlow and sFlow Analyzer | Jul 27, 2012 |
| TWSL2012-012 | Cross-Site Scripting Vulnerability in Support Incident Tracker | Apr 20, 2012 |
| TWSL2012-008 | Multiple Vulnerabilities in Scrutinizer NetFlow | Apr 10, 2012 |
| TWSL2012-005 | Cross-Site Scripting Vulnerability in osCommerce Platform | Mar 23, 2012 |
| TWSL2012-004 | Multiple Vulnerabilities in Zen Cart | May 03, 2012 |
| TWSL2012-003 | Cross-Site Scripting Vulnerability in Movable Type Publishing Platform | Feb 24, 2012 |
| TWSL2012-002 | Multiple Vulnerabilities in WordPress | Jan 24, 2012 |
| TWSL2012-001 | Cross-Site Scripting Vulnerability in Textpattern Content Management System | Jan 03, 2012 |
| TWSL2011-019 | Cross-Site Scripting Vulnerability in phpMyAdmin | Dec 22, 2011 |
| TWSL2011-018 | Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface | Dec 20, 2011 |
| TWSL2011-017 | Multiple Vulnerabilities in Merethis Centreon | Nov 04, 2011 |
| TWSL2011-014 | Vulnerability in Pantech Web Browser SSL Implementation | Sep 23, 2011 |
| TWSL2011-013 | Multiple Vulnerabilities in IceWarp Mail Server | Sep 23, 2011 |
| TWSL2011-008 | Focus Stealing Vulnerability in Android | Aug 06, 2011 |
| TWSL2011-007 | iOS SSL Implementation Does Not Validate Certificate Chain | Jul 25, 2011 |
| TWSL2011-006 | IBM Web Application Firewall Bypass | Jun 21, 2011 |
| TWSL2011-005 | Directory Traversal in Trustwave WebDefend Enterprise | Jun 17, 2011 |
| TWSL2011-004 | Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall | Jun 10, 2011 |
| TWSL2011-003 | Vulnerabilities discovered in Avocent Cyclades ACS Web Manager | Mar 11, 2011 |
| TWSL2011-002 | Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR) | Feb 04, 2011 |
| TWSL2011-001 | Vulnerabilities in Trustwave WebDefend Enterprise | Feb 15, 2011 |
| TWSL2010-008 | Clear iSpot/Clearspot CSRF Vulnerabilities | Dec 10, 2010 |
| TWSL2010-007 | Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate | Dec 10, 2010 |
| TWSL2010-006 | Multiple Vulnerabilities in Camtron CMNC-200 IP Camera | Nov 12, 2010 |
| TWSL2010-005 | FreePBX recordings interface allows remote code execution | Sep 23, 2010 |
| TWSL2010-003 | Unauthorized access to root NFS export on EMC Celerra Network Attached Storage (NAS) appliance | Jul 29, 2010 |
| TWSL2010-002 | Web Service Hijacking in VMWare WebAccess | Mar 30, 2010 |
| TWSL2010-001 | View state tampering vulnerabilities in products from Microsoft, Apache, and Sun Microsystems | Feb 03, 2010 |
| TWSL2009-002 | Cisco’s Adaptive Security Appliance (ASA) Web VPN Multiple Vulnerabilities | Jun 24, 2009 |
| TWSL2009-001 | Profense Web Application Firewall and Load Balancer multiple vulnerabilities | May 19, 2009 |
Related news
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.
Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).