19 matches found
CVE-2023-28912 Cleartext Phonebook Information
The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb III car with MIB3...
CVE-2023-28912
The CVE-2023-28912 issue affects the VW/Skoda MIB3 infotainment unit (notably in Skoda Superb III with OEM part 3V0035820). The root cause is storing the synchronized phone contact book in clear text, enabling an attacker with system code execution privileges or physical access to exfiltrate vehi...
CVE-2025-28912
Cross-Site Request Forgery CSRF vulnerability in Muntasir Rahman Custom Dashboard Page custom-dashboard-page allows Cross Site Request Forgery.This issue affects Custom Dashboard Page: from n/a through = 1.0...
CVE-2025-28912 WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Muntasir Rahman Custom Dashboard Page custom-dashboard-page allows Cross Site Request Forgery.This issue affects Custom Dashboard Page: from n/a through = 1.0...
CVE-2024-28912
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2024-28912
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2024-28912 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
...
TOTOLINK N600R Router Command Injection (CVE-2022-26186; CVE-2022-26188; CVE-2022-26189; CVE-2022-27411; CVE-2022-28905; CVE-2022-28906; CVE-2022-28907; CVE-2022-28908; CVE-2022-28909; CVE-2022-28910; CVE-2022-28911; CVE-2022-28912; CVE-2022-28913)
A command injection vulnerability exists in TOTOLINK N600R router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-28912
creationtimestamp| type| source ---|---|--- 2022-05-10 18:34:16+00:00| seen| https://t.me/cibsecurity/42248 2025-04-19 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-04-19 2025-04-21 21:02:19+00:00| seen|...
CVE-2022-28912
CVE-2022-28912 affects TOTOLink N600R devices (firmware version V5.3c.7159_B20190425). The vulnerability is a command injection via the filename parameter in the /setting/setUpgradeFW API, caused by unsafely handling input. Reported impact in CVSS metrics is high/critical with network access, no ...
CVE-2021-28912
BAB TECHNOLOGIE GmbH eibPort V3 is affected. The issue stems from hard coded and weak root SSH key passphrases ('eibPort string'), with versions prior to 3.91 vulnerable to gaining root SSH access. The weakness enables an attacker to exploit a weak credential to obtain root access on affected dev...
CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
CVE-2020-28912
Disclaimer: This data contains information about vulnerable...
CVE-2020-28912
CVE-2020-28912 concerns MariaDB running on Windows where local clients connecting via named pipes can be intercepted by an unprivileged user who can then act as a man‑in‑the‑middle. The root cause is an incorrect security descriptor. Affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 1...
CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...
Security fix for the ALT Linux 8 package mariadb version 10.1.48-alt1
10.1.48-alt1 built Dec. 14, 2020 Alexey Shabalin in task 263254 Dec. 11, 2020 Alexey Shabalin - 10.1.48 - Fixes for the following security vulnerabilities: + CVE-2020-14812 + CVE-2020-14765 + CVE-2020-28912...
CVE-2020-28912
With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...