903 matches found
CVE-2010-0273
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vdsjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no...
70mai Dash Cam 1S 安全漏洞
70mai Dash Cam 1S is a car recorder from 70mai 70mai. The 70mai Dash Cam 1S suffers from a security vulnerability that originates from the fact that an attacker can bypass the device authorization mechanism of the official mobile application by connecting directly to the device's network and...
VulnCheck KEV: CVE-2022-41140
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The...
CVE-2020-27872
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.621.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the minihttpd service, which listens on TCP port 80 by...
CVE-2020-15631
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2024-52547 Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service TCP port 80. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...
PT-2024-9304 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Name of the Vulnerable Software and Affected Versions: Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111 Description: An authenticated attacker can trigger a stack-based buffer overflow in the DHIP Service TCP port 80. This issue allows a remote attacker to...
Adobe Digital Editions < 4.5.11.187658 Multiple Vulnerabilities (APSB21-80) (macOS)
The version of Adobe Digital Editions installed on the remote macOS host is prior to 4.5.11.187658. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-80 advisory. - Adobe Digital Editions 4.5.11.187646 and earlier are affected by an arbitrary command execution...
Adobe InDesign < 18.5.4 / 19.0 < 19.5.0 Arbitrary code execution (APSB24-80) (macOS)
The version of Adobe InDesign installed on the remote macOS host is prior to 18.5.4, 19.5.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-80 advisory. - InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Ty...
Adobe InDesign < 18.5.4 / 19.0 < 19.5.0 Arbitrary code execution (APSB24-80)
The version of Adobe InDesign installed on the remote Windows host is prior to 18.5.4, 19.5.0. It is, therefore, affected by a vulnerability as referenced in the APSB24-80 advisory. - InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous...
Backdoor.Win32.Prorat.jz MVID-2024-0699 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Prorat.jz Vulnerability: Remote Stack Buffer Overflow SEH Description: The RAT...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39341
CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...
TVT NVMS-1000 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TVT NVMS-1000 Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability which exists in...
WPAD.dat File Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WPAD.dat File Server', 'Description' = %q This module generates a valid wpad.dat file for WPAD mitm attacks. Usually this module is used in...
CVE-2022-48916
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double listadd when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform Sapphire Rapids CPU during booting: p...
CVE-2024-41697
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41697 Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41697
CVE-2024-41697 corresponds to a Basic XSS (CWE-80) vulnerability with CVSS v3.1 metrics: Network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. Exploitation status is not indicated in the provided documents; the impact is limited to con...