31 matches found
Design/Logic Flaw
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected...
CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected...
Trigone Remote System Monitor Security Vulnerability
Trigone Remote System Monitor is a remote system monitor from Trigone. It is used to monitor computer hardware and system parameters from an Android device or BlackBerry Playbook. Trigone Remote System Monitor suffers from a code issue vulnerability that stems from Trigone Remote System Monitor...
TRIGONE Remote System Monitor 3.61 Unquoted Service Path
Exploit Title: TRIGONE Remote System Monitor 3.61 Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.trigonesoft.com/ Software Link: https://www.trigonesoft.com/download/RemoteSystemmonitorServer3.61x86Setup.exe Tested Version: 3.61 Vulnerability Type:...
Buffalo TS5600D1206 Command Injection Vulnerability (CNVD-2019-00674)
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A command injection vulnerability exists in the User.create method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to execute system commands with the 'name' parameter...
Buffalo TS5600D1206 Access Control Error Vulnerability (CNVD-2019-00678)
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. An access control error vulnerability exists in the nasapi in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by an attacker to call a dangerous internal function with the 'method' parameter...
Buffalo TS5600D1206 Cross-Site Scripting Vulnerability
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A cross-site scripting vulnerability exists in the detail.html file in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by a remote attacker to execute JavaScript code via a "username" cookie...
Buffalo TS5600D1206 Directory Traversal Vulnerability
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A directory traversal vulnerability exists in the listfolders method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to list the contents of a directory with the 'path' parameter...
Buffalo TS5600D1206 Access Control Error Vulnerability
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. An access control error vulnerability exists in the nasapi in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by an attacker to bypass authentication by sending a modified HTTP Host packet heade...
CVE-2018-13322
Directory traversal in listfolders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter...
CVE-2018-13319
Incorrect access control in getportalinfo in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request...
Command injection
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
Cross site scripting
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...
CVE-2018-13323
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie...
Code injection
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17364
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter...
CVE-2018-17086
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName, fieldName2, tabName...