261 matches found
CVE-2023-47618
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request t...
CVE-2023-43482
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
TP-LINK ER7206 Operating System Command Injection Vulnerability
The TP-LINK ER7206 is a multifunction Gigabit router from China P&L TP-LINK. An operating system command injection vulnerability exists in the TP-LINK ER7206 version 1.3.0 build 20230322 Rel.70591, which stems from a specially crafted HTTP request that could lead to arbitrary command injection. T...
GO-2023-2399 Denial of service via memory exhaustion in github.com/hashicorp/vault
Unauthenticated and authenticated HTTP requests from a client will be attempted to be mapped to memory. Large requests may result in the exhaustion of available memory on the host, which may cause crashes and denial of service...
CVE-2023-5961
A Cross-Site Request Forgery CSRF vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This...
CVE-2023-6838
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
CVE-2023-6838
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...
PT-2023-9011 · Tp Link · Tp-Link Ac1350 Wireless Mu-Mimo Gigabit Access Point +1
Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality. This issue can be triggered by a...
PT-2023-9019 · Tp Link · Eap225 V3 +1
Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...
PT-2023-9020 · Tp Link · Eap115 +1
Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...
PYSEC-2023-272
The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information...
PT-2023-9035
Name of the Vulnerable Software and Affected Versions webOS versions 5 through 7 webOS version 5.5.0 - 04.50.51 webOS version 6.3.3-442 webOS version 7.3.1-43 Description A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service...
PT-2023-9036
Name of the Vulnerable Software and Affected Versions webOS versions 4 through 7 Description A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service. This vulnerability can be triggered by a series of specially crafted...
PT-2023-9037
Name of the Vulnerable Software and Affected Versions webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442 Description A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be...
PT-2023-9141 · Owlet · Owlet Cam
Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...
CVE-2023-34354
A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...
PT-2023-24835 · Peplink · Peplink Surf Soho
Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: A stored cross-site scripting XSS issue exists in the upload brand.cgi functionality. This allows an attacker to execute arbitrary javascript in another user's browser by making a specially...
PT-2023-21086 · Peplink · Peplink Surf Soho
Name of the Vulnerable Software and Affected Versions: peplink Surf SOHO HW1 version 6.3.5 Description: An OS command injection issue exists in the admin.cgi USSD send functionality. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request...
CVE-2023-37552
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition...
Authorization Bypass
gitlab is vulnerable to Authorization Bypasses. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server...