TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass…

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio…

The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections.…

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDaServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/da/pcf” API. The affected endpoint does not…

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any…

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the “.debug_command.config” file to store a json string that contains a list of…

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) PluginServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/plugin/pmx” API. The affected endpoint does not…

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentDiagnosticServlet has directory traversal vulnerability at the “/api/appInternals/1.0/agent/diagnostic/logs” API. The affected endpoint does not…

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent’s (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the “/api/appInternals/1.0/agent/configuration” API. The affected endpoint does not…

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected…