21 matches found
CVE-2022-28143
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
CVE-2025-28143
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup...
CVE-2025-28143
creationtimestamp | type | source
---|---|---
2025-04-15 19:57:18+00:00 | seen | https://t.me/cvedetector/22976...
CVE-2025-28143
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup...
CVE-2025-28143
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup...
CVE-2025-28143
CVE-2025-28143 affects Edimax BR-6478AC (BR-6478AC, V3_1.0.15) with a command injection via the groupname parameter on the /boafrm/formDiskCreateGroup API. Root cause: insufficient input filtering of groupname leading to arbitrary command execution. Documented impact: arbitrary command execution;...
CVE-2025-28143
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup...
CVE-2024-28143
creationtimestamp | type | source
---|---|---
2024-12-12 13:55:44+00:00 | seen | https://infosec.exchange/users/cve/statuses/113640193636487541
2024-12-12 16:20:46+00:00 | seen | https://t.me/cvedetector/12789...
CVE-2024-28143 Insecure Password Change Function
The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e....
CVE-2023-28143
creationtimestamp | type | source
---|---|---
2023-04-18 20:29:21+00:00 | seen | https://t.me/cibsecurity/62368...
CVE-2023-28143
Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...
CVE-2023-28143 Local Privilege Escalation
Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...
CVE-2023-28143 Local Privilege Escalation
Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...
CVE-2023-28143
CVE-2023-28143 affects Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7). The installer allows a local escalation of privilege bounded to the installation window on macOS 10.15 and older. Attackers may exploit incorrect file permissions during PKG extraction/cromotion (copying files to ...
CVE-2022-28143
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
CVE-2022-28143
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
CVE-2022-28143
The provided connected records confirm concrete details for CVE-2022-28143: Jenkins Proxmox Plugin versions up to 0.7.0 (and earlier) expose a CSRF vulnerability that lets an attacker trigger a connection test to an attacker-specified host using attacker-specified username/password, and as part o...
CVE-2021-28143
creationtimestamp | type | source
---|---|---
2021-03-12 00:54:52+00:00 | seen | https://t.me/cibsecurity/24824...
CVE-2021-28143
/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...
CVE-2021-28143
/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...