Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:59 p.m.23 views

CVE-2022-44117

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL...

9.8CVSS8.1AI score0.00681EPSS
Exploits0References1
CNVD
CNVD
added 2022/11/25 12:0 a.m.32 views

Boa SQL Injection Vulnerability

Boa is open source an open source code for embedded applications. A SQL injection vulnerability exists in Boa version 0.94.14rc21. The vulnerability stems from the username parameter not being validated for external input. An attacker can exploit this vulnerability to obtain sensitive database...

9.8CVSS9.7AI score0.00681EPSS
Exploits0References1
NVD
NVD
added 2022/11/23 9:15 p.m.20 views

CVE-2022-44117

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL...

9.8CVSS0.00681EPSS
Exploits0References1
Prion
Prion
added 2022/11/23 9:15 p.m.21 views

Sql injection

Boa 0.94.14rc21 is vulnerable to SQL Injection via username...

7.5CVSS9.8AI score0.00681EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/11/23 9:15 p.m.6 views

CVE-2022-44117

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL...

9.8CVSS5.9AI score0.00681EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.6 views

Boa SQL注入漏洞

Boa is open source an open source code for embedded applications. A SQL injection vulnerability exists in Boa version 0.94.14rc21. The vulnerability stems from the username parameter not being validated for external input. An attacker can exploit this vulnerability to obtain sensitive database...

9.8CVSS7.9AI score0.00681EPSS
Exploits0References2
CVE
CVE
added 2022/11/23 12:0 a.m.91 views

CVE-2022-44117

Boa 0.94.14rc21 is identified as vulnerable to SQL Injection via the username parameter. The claim is disputed by third parties since Boa does not ship with SQL support. The public records note the vulnerability and dispute, with no cited confirmed exploit details or patch information in the prov...

9.8CVSS9.9AI score0.00681EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2019/09/09 12:0 a.m.61 views

Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure Vulnerability

Exploit for cgi platform in category web applications !/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504,...

7.4AI score
Exploits0
0day.today
0day.today
added 2019/02/05 12:0 a.m.48 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure Vulnerability

Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...

0.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/02/04 12:0 a.m.74 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure

Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...

8.8CVSS5.9AI score0.17393EPSS
Exploits1
Exploit DB
Exploit DB
added 2017/12/12 12:0 a.m.31 views

Vivotek IP Cameras - Remote Stack Overflow (PoC)

STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/11/16 12:0 a.m.33 views

Vivotek IP Cameras - Remote Stack Overflow

Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...

7.2AI score
Exploits0
CNVD
CNVD
added 2017/06/27 12:0 a.m.11 views

Boa Webserver Arbitrary File Access Vulnerability

Boa Webserver is a web server for Unix-like computers. A security vulnerability exists in the /cgi-bin/wapopen URI in Boa Webserver version 0.94.14rc21. An attacker can inject the URI by using the FILECAMERA variable '... /...' The vulnerability can be exploited to read files with root privileges...

7.8CVSS6.9AI score0.68464EPSS
Exploits6References1
NVD
NVD
added 2017/06/24 2:29 a.m.18 views

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...

7.8CVSS7.6AI score0.68464EPSS
Exploits6References2
UbuntuCve
UbuntuCve
added 2017/06/24 2:29 a.m.34 views

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...

7.8CVSS7.3AI score0.68464EPSS
Exploits6References2
NVD
NVD
added 2010/01/13 8:30 p.m.25 views

CVE-2009-4496

Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS7.6AI score0.12078EPSS
Exploits2References8
UbuntuCve
UbuntuCve
added 2010/01/13 8:30 p.m.81 views

CVE-2009-4496

Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS7.5AI score0.12078EPSS
Exploits2References1
CVE
CVE
added 2010/01/13 8:0 p.m.432 views

CVE-2009-4496

CVE-2009-4496 affects the Boa web server (Boa 0.94.14 rc21 in the Fedora/NASL/OpenVAS references) where HTTP logs are written without sanitizing non-printable characters. The provided connected document notes that this could allow remote attackers to exploit escape sequences in a request to manip...

5CVSS9.7AI score0.12078EPSS
Exploits2References8Affected Software1
OpenVAS
OpenVAS
added 2010/01/13 12:0 a.m.104 views

Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability

Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

5CVSS9.3AI score0.12078EPSS
Exploits2References2
exploitpack
exploitpack
added 2010/01/11 12:0 a.m.27 views

BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection

BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection source: https://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to...

Exploits0
Rows per page
Query Builder