2871 matches found
CVE-2023-35136
An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and...
Input validation
An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and...
CVE-2023-35136
CVE-2023-35136 describes an improper input validation vulnerability in the Quagga package across Zyxel devices (ATP series 4.32–5.37; USG FLEX 4.50–5.37; USG FLEX 50(W) 4.16–5.37; USG20(W)-VPN 4.16–5.37; VPN series 4.30–5.37) that could allow an authenticated local attacker to access configuratio...
Zyxel ATP Input Validation Error Vulnerability
Zyxel ATP is a firewall from China-based Heqin Zyxel. The Zyxel ATP suffers from an input validation error vulnerability that stems from an incorrect input validation vulnerability in the Quagga program package, which allows an authenticated, local attacker to access configuration files on the...
CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...
CVE-2023-41791
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity...
CVE-2023-41791 Lack of Authorization and Stored XSS Via Translation Abuse
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity...
CVE-2023-4595
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end o...
CVE-2023-4595 Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail
An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files, configuration files, application files, etc., simply by appending any of the following parameters to the end o...
Insertion of Sensitive Information into Log
Impact: If successful login attempts are recorded, the raw tokens are stored in the log table. If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user's authority. When you 1 use the following...
CVE-2023-6252
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files...
Path traversal
Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files...
CVE-2023-6252
CVE-2023-6252 describes a path traversal vulnerability in the Chalemelon Power framework, affecting the getImage parameter. The issue allows a remote attacker to read files on the server and access sensitive information such as configuration files. Multiple connected sources (NVD, CVE lists) corr...