357 matches found
exiftags Security Vulnerabilities
exiftags is a utility for parsing attribute data for a given JPEG image. A security vulnerability exists in exiftags version 1.01, which stems from a heap-based buffer overflow in nikonprop1 in nikon.c, where snprintf can write to an exception address...
PT-2024-13950 · Exiftags +1 · Exiftags +1
Name of the Vulnerable Software and Affected Versions: exiftags version 1.01 Description: The issue is a heap-based buffer overflow caused by the snprintf function writing to an unexpected address in the nikon prop1 function within nikon.c. This occurs because snprintf can write a size of 28,...
CVE-2023-42331
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manageuploads.php component...
CVE-2023-42331
A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manageuploads.php component...
PT-2023-28318 · Elitecms · Elitecms
Name of the Vulnerable Software and Affected Versions: EliteCMS version 1.01 Description: A file upload vulnerability allows a remote attacker to execute arbitrary code via the manage uploads.php component. Recommendations: For EliteCMS version 1.01, consider disabling the file upload functionali...
elitecms Code Issues Vulnerabilities
elitecms is a web content management from elitecms India. A code issue vulnerability exists in elitecms version 1.01. An attacker can exploit this vulnerability to execute arbitrary code via the manageuploads.php component...
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...
D-Link DAP-1325 Insecure Direct Object Reference
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
D-Link DAP-1325 - Broken Access Control
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
PT-2025-51744
Name of the Vulnerable Software and Affected Versions D-Link DAP-1325 firmware version 1.01 Description The device has a flaw in access control that permits unauthenticated attackers to obtain device configuration settings without needing to authenticate. Attackers can access the...
CVE-2022-43309
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions...
Supermicro X11 安全漏洞
The Supermicro X11 is a server motherboard from Supermicro. A security vulnerability exists in the Supermicro X11SSL-CF HW Rev 1.01, BMC firmware version 1.63, which stems from the BMC having an internal IC bus that causes the voltage to vary outside of the CPU's specified operating range, thus...
CVE-2023-28648
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
CVE-2023-28712
Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions...
CVE-2023-28718
Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
Design/Logic Flaw
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...
Design/Logic Flaw
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
CVE-2023-28395
Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...
CVE-2023-27394 CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...