An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities. Date published : 2020-04-09 https://medium.com/tsscyber/noc-noc-whos-there-your-nms-is-pwned-1826174e0dee
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. Date published : 2020-04-09 https://medium.com/tsscyber/noc-noc-whos-there-your-nms-is-pwned-1826174e0dee
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. Date published : 2020-04-09 https://medium.com/tsscyber/noc-noc-whos-there-your-nms-is-pwned-1826174e0dee
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. Date published : 2020-04-09 https://medium.com/tsscyber/noc-noc-whos-there-your-nms-is-pwned-1826174e0dee
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS’s (versions prior to 3.0.2) control. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS’s (versions prior to 3.0.2) control. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. Date published : 2020-04-09 https://www.us-cert.gov/ics/advisories/icsa-20-098-01
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITYAuthenticated Users group, which includes all local and remote users. This can be abused by local...
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602...