CVE-2020-12695
- EPSS 4.73%
- Veröffentlicht 08.06.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 05:00:05
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger is...
CVE-2014-2225
- EPSS 0.18%
- Veröffentlicht 08.02.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 02:05:52
Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add...
CVE-2019-5456
- EPSS 0.36%
- Veröffentlicht 30.07.2019 21:15:12
- Zuletzt bearbeitet 21.11.2024 04:44:58
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.
CVE-2014-2226
- EPSS 0.29%
- Veröffentlicht 29.07.2014 14:55:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2013-3572
- EPSS 0.5%
- Veröffentlicht 31.12.2013 20:55:15
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.