PT-2022-27556 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered, which can be triggered via the page parameter at the "/goform/webExcptypemanFilter" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, consider...
PT-2022-27555 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/P2pListFilter" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, as a temporary workaround, consider...
Code injection
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 exposes a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full...
PT-2022-27846 · Rackn · Rackn Digital Rebar
Name of the Vulnerable Software and Affected Versions: RackN Digital Rebar versions 4.6.14 and earlier RackN Digital Rebar versions 4.7 through 4.7.22 RackN Digital Rebar versions 4.8 through 4.8.5 RackN Digital Rebar versions 4.9 through 4.9.12 RackN Digital Rebar versions 4.10 through 4.10.8...
CVE-2022-46383
CVE-2022-46383 affects RackN Digital Rebar up to version 4.10.8. The vulnerability stems from Incorrect Access Control: a public API endpoint exposes a privileged token that an attacker can use to escalate privileges and gain full administrative access. Exploitation details are not provided in t...
CVE-2022-46383
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 exposes a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full...
PT-2022-27198 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/setUplinkInfo" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...
PT-2022-27195 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the /goform/setSnmpInfo API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version 1.0.0.144656,...
PT-2022-27162 · Unknown · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: Sanitization Management System version 1.0 Description: The issue concerns SQL Injection, which can be exploited via the /php-sms/classes/Master.php?f=delete_product API endpoint. This allows for potential manipulation of database queries...
PT-2022-27164 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0 Description: The issue is related to Cross-Site Scripting (XSS) via the "/garage/php_action/createBrand.php" API endpoint. This allows for potential malicious script injection. Recommendations: For Garage...
PT-2022-27210 · Unknown · Poultry Farm Management System
Name of the Vulnerable Software and Affected Versions: Poultry Farm Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the del parameter at the "/Redcock-Farm/farm/category.php" API endpoint. Recommendations: F...
PT-2022-27437 · Unknown · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: Sanitization Management System version 1.0.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at the "/php-sms/classes/Login.php...
CVE-2022-39833
FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...
Stored XSS in kiwiTCMS
Description Stored XSS, also known as persistent XSS, is the more damaging type of XSS. It occurs when a malicious script is injected directly into a vulnerable web application and served back to other users. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...
GHSA-V42F-HQ78-8C5M Denial of service in Mattermost
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints, which could fetch a large amount of data...
Denial of service
A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints, which could fetch a large amount of data...
CVE-2022-4045
CVE-2022-4045 describes a denial-of-service in Mattermost Server: an authenticated user can crash the server by sending multiple requests to an API endpoint that may fetch a large amount of data. The Nessus entry confirms an authenticated, remote attacker can crash the server. Impact is limited t...
PT-2022-8678 · Optilink · Optilink Op-Xt71000N
Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N version V2.2, Firmware Version: OP_V3.3.1-191028 Description: A remote attacker can conduct a cross-site request forgery (CSRF) attack due to insufficient CSRF protections for the "mgm_config_file.asp" file. This allows an...
CVE-2022-3589
An API endpoint used by Miele's "AppWash" mobile app in all versions was vulnerable to an authorization bypass. A low-privileged, remote attacker would have been able to gain read and partial write access to other users' data by modifying a small part of an HTTP request sent to the API. Reading or...
CVE-2022-3589 Miele: Vulnerability in cloud service used by appWash
An API endpoint used by Miele's "AppWash" mobile app in all versions was vulnerable to an authorization bypass. A low-privileged, remote attacker would have been able to gain read and partial write access to other users' data by modifying a small part of an HTTP request sent to the API. Reading or...
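The Miele AppWash entry above describes the classic object-level authorization failure: the API authenticates the caller but never checks that the record named in the request belongs to that caller, so changing one identifier in an otherwise valid request reads or writes someone else's data. The example below is added here to illustrate that pattern and its fix; it is not Miele's service code (which is not public), and the handler names, the session object and the in-memory record store are assumptions. The vulnerable handler trusts the record identifier taken from the request; the fixed handlers bind every lookup to the session principal and restrict writes to an allowlist of fields, so the same request that succeeds for the owner is refused for anyone else.

```python
"""Object-level authorization: vulnerable lookup beside the hardened form.

Example code added for illustration; not Miele's AppWash code. The session
model, record store and field allowlist below are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Session:
    """Authenticated principal attached to a request (assumed shape)."""
    user_id: str


@dataclass
class Record:
    owner_id: str
    data: dict = field(default_factory=dict)


# Constructed sample store: two users, each owning one record.
RECORDS = {
    "rec-1": Record(owner_id="alice", data={"nickname": "A", "balance": 12}),
    "rec-2": Record(owner_id="bob", data={"nickname": "B", "balance": 7}),
}

# Fields a user may change on their own record; "balance" is server-managed.
WRITABLE_FIELDS = frozenset({"nickname"})


def get_record_vulnerable(session, record_id):
    """Authenticates but never authorizes: any logged-in user can read any
    record_id they guess. Returns (status, body) like an HTTP handler."""
    if session is None:
        return 401, None
    rec = RECORDS.get(record_id)
    if rec is None:
        return 404, None
    return 200, dict(rec.data)


def _load_owned(session, record_id):
    """Look the record up *and* check ownership in one step.

    Missing and not-owned both map to 404 so the endpoint does not reveal
    which identifiers exist to a caller who has no business knowing.
    """
    rec = RECORDS.get(record_id)
    if rec is None or rec.owner_id != session.user_id:
        return None
    return rec


def get_record_fixed(session, record_id):
    if session is None:
        return 401, None
    rec = _load_owned(session, record_id)
    if rec is None:
        return 404, None
    return 200, dict(rec.data)


def update_record_fixed(session, record_id, patch):
    """Partial write: only the owner may write, and only allowlisted fields."""
    if session is None:
        return 401, None
    rec = _load_owned(session, record_id)
    if rec is None:
        return 404, None
    rejected = set(patch) - WRITABLE_FIELDS
    if rejected:
        # Reject the whole request rather than silently dropping fields, so a
        # client that tries to set "balance" learns it was refused.
        return 400, {"rejected_fields": sorted(rejected)}
    rec.data.update(patch)
    return 200, dict(rec.data)


if __name__ == "__main__":
    alice = Session("alice")
    print("vulnerable, alice reads bob:", get_record_vulnerable(alice, "rec-2"))
    print("fixed, alice reads bob:     ", get_record_fixed(alice, "rec-2"))
    print("fixed, alice reads own:     ", get_record_fixed(alice, "rec-1"))
    print("fixed, alice writes balance:", update_record_fixed(alice, "rec-1", {"balance": 999}))
```

The check lives in one helper that every handler calls, which is the property to look for when reviewing an API for this bug class: if a handler can reach a record without passing through the ownership check, that handler is the one a request-tampering attacker will find.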