14 matches found
EUVD-2020-17886
Malware in sbrugna...
EUVD-2022-5508
Malicious code in bioql PyPI...
EUVD-2024-47367
Malicious code in bioql PyPI...
CVE-2020-25195
The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules is verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device...
CVE-2024-6831
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for...
CVE-2024-6831
CVE-2024-6831 affects AXIS Camera Station Pro; the issue arises from a client-side-only permission check that allows editing and/or removing views without proper authorization. Impact is limited to features that manage views, with a local-privilege attack surface as described. Axis has released p...
PT-2024-37891 · Axis · Axis Camera Station Pro
Name of the Vulnerable Software and Affected Versions: AXIS Camera Station Pro (affected versions not specified). Description: The issue allows editing and/or removal of views without necessary permission due to a client-side-only check. Axis has released patched versions for the flaw...
AXIS Camera Station Pro security vulnerability
AXIS Camera Station Pro is a powerful and flexible video management and access control product from Axis of Sweden. A security vulnerability exists in AXIS Camera Station Pro versions prior to 6.4, which stems from a client-side-only check and therefore allows editing and deletion of views without the...
GHSA-VJCM-J85R-7P68 DNN File Upload Vulnerability
DNN (formerly DotNetNuke) through 9.4.4 has a file upload vulnerability via bypassing the client-side file extension check...
Design/Logic Flaw
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, but does not prevent them from replaying the AJAX request to add a like. This allows any user, even unauthenticated, to add unlimited likes/dislikes to any comment. The plugin appears to have som...
PT-2021-11877
Name of the Vulnerable Software and Affected Versions: Divi Builder plugin versions prior to 4.5.3; Divi theme versions prior to 4.5.3; Divi Extra theme versions prior to 4.5.3. Description: An issue allows authenticated attackers with contributor-level or above capabilities to upload arbitrary file...
CVE-2012-3387
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check...
Design/Logic Flaw
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check...