11 matches found
Drupal Cross-Site Scripting Vulnerability
Drupal is an open source content management system developed by the Drupal community using the PHP language. A cross-site scripting vulnerability exists in Drupal, which stems from Drupal core's sanitization API not effectively filtering certain cross-site scripts. The vulnerability...
CVE-2021-23847
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...
CVE-2021-23847
Summary: CVE-2021-23847 describes an unauthenticated information-extraction/settings-change flaw in Bosch IP cameras (CPP6, CPP7, CPP7.3) before firmware B128, on versions 7.70, 7.72, and 7.80. The root cause is a Missing Authentication in a Critical Function, allowing a remote attacker to craft ...
CVE-2021-23847 Unauthenticated Information Extraction Vulnerability
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...
PT-2022-8499 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 9.1.7; Drupal Core versions prior to 9.0.12; Drupal Core versions prior to 8.9.14; Drupal Core versions prior to 7.80. Description: A Cross-site Scripting (XSS) issue exists due to the sanitization API's failure to...
Drupal 7.x, 8.x, 9.x XSS Vulnerability (SA-CORE-2021-002) - Windows
Drupal is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
Nimsoft nimcontroller 7.80 Remote Code Execution Exploit
/ Exploit Title : Sing About Me, I'm Dying Of Thirst Exploit Author : wetw0rk Exploit Version : Public POC CVE : CVE-2020-8012 Vendor Homepage : https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en Software Version : 7.80 Tested on : Windows 10 Pro x64, Windows Server 2012 R2...
CVE-2018-12594
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field...
Default credentials
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field...
CVE-2018-12594
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field...
CVE-2018-8900
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability...