33 matches found
CVE-2010-0348
Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to read arbitrary files via unknown vectors...
EUVD-2014-1501
Malware in sbrugna...
PT-2022-24490
Name of the Vulnerable Software and Affected Versions: Nortek Linear eMerge E3-Series versions 0.32-07e through 0.32-09c Description: The software contains a SQL injection issue via the idt parameter. This allows for potential compromise of an enterprise building. Recommendations: Versions 0.32-07e...
CVE-2022-46381
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter e.g., to the badging/badgetemplatev0.php component. This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e...
CVE-2022-38628
CVE-2022-38628 affects Nortek Linear eMerge E3-Series, versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. The vulnerability is a cross-site scripting (XSS) flaw chained with a local session fixation that enables privilege escalation via unspecified vectors. Public ...
PT-2022-24491 · Nortek Linear · Emerge E3-Series
Name of the Vulnerable Software and Affected Versions: Nortek Linear eMerge E3-Series versions 0.32-07e through 0.32-09c Description: The issue is related to a cross-site scripting (XSS) vulnerability that is chained with a local session fixation, allowing attackers to escalate privileges via...
CVE-2022-31798
Nortek Linear eMerge E3-Series 0.32-07p is affected by CVE-2022-31798: an XSS vulnerability combined with local session fixation via the PHPSESSID when devices are chained, enabling account takeover of admin or lower-privileged users. The issue arises at the /card_scan.php?CardFormatNo= endpoint....
CVE-2022-31269
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...
PT-2022-20767 · Nortek Linear · Emerge E3-Series
Name of the Vulnerable Software and Affected Versions: Nortek Linear eMerge E3-Series devices versions prior to 0.32-08f Description: The issue allows an unauthenticated attacker to inject OS commands via the ReaderNo variable. This is due to an incomplete fix for a previously known issue...
PT-2022-20940 · Nortek Linear · Nortek Linear Emerge E3-Series
Name of the Vulnerable Software and Affected Versions: Nortek Linear eMerge E3-Series version 0.32-07p Description: The issue allows an attacker to take over an admin account or a user account through a combination of XSS and session fixation via the PHPSESSID when devices are chained together...
Nortek Control Linear eMerge E3-Series OS Command Injection Vulnerability
The Nortek Control Linear eMerge E3-Series is an access control system from Nortek Control USA. It allows you to specify which doors can be used by people to enter and exit a specified location at a specified time. A security vulnerability exists in Nortek Control Linear eMerge E3-Series version 0.32-09...
SICUNET Access Controller Security Vulnerability
SICUNET Access Controller is a browser-based access from SICUNET China that allows you to connect your panel to our cloud servers so that you can access your panel without firewall settings. A security vulnerability exists in SICUNET Access Controller version 0.32-05z, which stems from a problem...
SICUNET Access Controller Security Vulnerability
SICUNET Access Controller is a browser-based access from SICUNET China that allows you to connect your panel to our cloud server. This allows you to access your panel without firewall settings. A security vulnerability exists in SICUNET Access Controller version 0.32-05z, which stems from a...
SICUNET Access Controller Trust Management Issue Vulnerability
SICUNET Access Controller is a browser-based access from SICUNET China that lets you connect your panel to our cloud server so that you can access your panel without firewall settings. A security vulnerability exists in SICUNET Access Controller version 0.32-05z, which can be exploited by attackers to...
SICUNET Access Controller Security Vulnerability
SICUNET Access Controller is a browser-based access from SICUNET China that allows you to connect your panel to our cloud server. This allows you to access your panel without firewall settings. A security vulnerability exists in SICUNET Access Controller version 0.32-05z, which originates from so...
IZArc Yz1 Buffer Error Vulnerability
IZArc Yz1 is an application for the Chinese IZArc community. It provides compression and decompression functionality. A buffer error vulnerability exists in Yz1 0.30 and 0.32, which can be exploited by an attacker to execute arbitrary code via a crafted archive file related to filename handling...
Apache Superset metadata leakage vulnerability
Apache Incubator Superset is a suite of enterprise-class business intelligence Web applications from the Apache Software Foundation in the United States. The program features data collection, data visualization and authentication. A security vulnerability exists in Apache Incubator Superse...
PYSEC-2019-173
In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...
PT-2019-12793 · Apache · Apache Incubator Superset
Name of the Vulnerable Software and Affected Versions: Apache Incubator Superset versions prior to 0.32 Description: A user can view database names that he has no access to on a dropdown list in SQLLab. Recommendations: For versions prior to 0.32, update to version 0.32 or later to resolve the...
PT-2019-11717 · Jenkins · Jenkins Gitlab Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Authentication Plugin versions 0.31 and earlier Description: The issue concerns the management of the state parameter of OAuth to prevent CSRF. An attacker could catch the redirect URL provided during the authentication process...