21 matches found
CVE-2021-4457
The CVE-2021-4457 entry corresponds to the ZoomSounds WordPress plugin, where versions prior to 6.05 contain a PHP file that allows unauthenticated arbitrary file uploads to the web server. This is the root cause and the primary impact is high confidentiality and integrity risk due to potential r...
PT-2025-26832 · Unknown · Zoomsounds
Name of the Vulnerable Software and Affected Versions: ZoomSounds plugin versions prior to 6.05. Description: The issue allows unauthenticated users to upload an arbitrary file anywhere on the web server due to a vulnerable PHP file. Recommendations: For versions prior to 6.05, update to version...
PT-2024-3703 · Pccx26 +5 · Pccx26 +5
Name of the Vulnerable Software and Affected Versions: CPC80 Central Processing/Communication versions prior to V16.41; CPCI85 Central Processing/Communication versions prior to V5.30; CPCX26 Central Processing/Communication versions prior to V06.02; ETA4 Ethernet Interface IEC60870-5-104 versions...
CVE-2023-2750 SQLi in Cityboss Software's E-municipality
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cityboss E-municipality allows SQL Injection. This issue affects E-municipality: before 6.05...
ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload
The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note WPScanTeam: It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...
CVE-2019-0280
CVE-2019-0280 affects SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03–6.06, 6.16–6.18, and 8.0; S4CORE 1.01–1.03). The issue is missing authorization checks on objects T_DEAL_DP and T_DEAL_PD, leading to escalation of privileges. The vulnerability is documented with HIGH impact per CVSSv3 ...
Command injection
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access...
Design/Logic Flaw
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access to the hos...
Hardcoded credentials
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...
CVE-2014-5433
An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16, which may allow an attacker to gain access to the hos...
CVE-2014-5431
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password...
CVE-2014-5434
Baxter SIGMA Spectrum Infusion System version 6.05 model 35700BAX with wireless battery module WBM version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new...
CVE-2018-2455
SAP Enterprise Financial Services (versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) is affected in the EAFS_BCA_BUSOPR_SEPA function by a lack of authorization checks for an authenticated user, enabling escalation of privileges. This vulnerability is documented as CVE-2018-2455 across multiple sources...
D-link DAP-1360 - Path Traversal / Cross-Site Scripting Vulnerabilities
Exploit for hardware platform in category web applications. Exploit Title: D-Link DAP-1360 File path traversal and Cross site scripting reflected can lead to Authentication Bypass easily. Date: 20-07-2018. Exploit Author: r3m0t3nu11. Contact: http://twitter.com/r3m0t3nu11. Vendor: www.dlink.com...
Baxter SIGMA Spectrum Infusion System Vulnerabilities
OVERVIEW: This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...
Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability
This host is running Titan FTP Server and is prone to remote buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbtitanftpserverbofvuln.nasl 4227 2016-10-07 05:45:35Z teissa $ Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability Authors: Chandan S Copyright: Copyright c...
CVE-2003-1387
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username...
CVE-2001-1327
CVE-2001-1327 affects pmake prior to 2.1.35 installed on Turbolinux 6.05 and earlier. The issue arises because pmake is installed with setuid root privileges, enabling local users to gain privileges by exploiting vulnerabilities in pmake or programs used by pmake. The NVD lists a base CVSS2 score...
beauchamp02032003.txt
Security Advisory, Beauchamp Security: Java-Applet crashes Opera 6.05 and 7.01. Vendor: Opera. Versions affected: Opera 6.05 / 7.01. Date: 3rd February 2003. Type of...
Java-Applet crashes Opera 6.05 and 7.01
Security Advisory, Beauchamp Security: Java-Applet crashes Opera 6.05 and 7.01. Vendor: Opera. Versions affected: Opera 6.05 / 7.01. Date: 3rd February 2003. Type of...