
1380 matches found

CNNVD
added 2025/02/12 12:0 a.m. · 4 views

Q-Free MAXTIME Suite security vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that originates from a missing authorization in maxprofile/user-groups/routes.lua. An attacker could exploit the...

8.1 CVSS · 6.3 AI score · 0.00487 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/12 12:0 a.m. · 3 views

PT-2025-7147 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to improper input validation, allowing an authenticated remote attacker to modify system configuration via crafted HTTP requests. This can be achieved by sending...

5.5 CVSS · 7.1 AI score · 0.005 EPSS
Exploits 0 · References 4
CNNVD
added 2025/02/12 12:0 a.m. · 3 views

Q-Free MAXTIME Suite security vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to read sensitive files via a specially crafted HTTP request...

4.9 CVSS · 6.2 AI score · 0.00698 EPSS
Exploits 0 · References 1
Cvelist
added 2025/02/11 4:9 p.m. · 10 views

CVE-2024-27780

Multiple Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...

2.2 CVSS · 0.00276 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/07 9:44 a.m. · 10 views

CVE-2024-9643

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

9.8 CVSS · 7.2 AI score · 0.53533 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 3:34 a.m. · 9 views

CVE-2021-44369

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01145 EPSS
Exploits 1
RedhatCVE
added 2025/02/06 3:32 a.m. · 5 views

CVE-2021-44415

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1
RedhatCVE
added 2025/02/06 3:30 a.m. · 9 views

CVE-2021-44413

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/06 3:28 a.m. · 7 views

CVE-2021-44377

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetImage param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01145 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/06 3:26 a.m. · 7 views

CVE-2021-44382

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01145 EPSS
Exploits 1
RedhatCVE
added 2025/02/06 3:26 a.m. · 8 views

CVE-2021-44401

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. PtzCtrl param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/06 3:26 a.m. · 6 views

CVE-2021-44410

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/06 3:26 a.m. · 6 views

CVE-2021-44399

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/06 3:26 a.m. · 8 views

CVE-2021-44393

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetIsp param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/02/06 3:24 a.m. · 8 views

CVE-2021-44388

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Login param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6 CVSS · 6.8 AI score · 0.01207 EPSS
Exploits 1
RedhatCVE
added 2025/02/06 1:8 a.m. · 7 views

CVE-2022-21134

A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

8.3 CVSS · 6.7 AI score · 0.00907 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 10:57 p.m. · 10 views

CVE-2022-1069

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22...

7.5 CVSS · 6.7 AI score · 0.01324 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 9:15 p.m. · 8 views

CVE-2022-2547

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22...

7.5 CVSS · 6.7 AI score · 0.01297 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/02/05 4:12 p.m. · 17 views

CVE-2025-20125 Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...

9.1 CVSS · 6.7 AI score · 0.145 EPSS
Exploits 2 · References 1
RedhatCVE
added 2025/02/05 4:49 a.m. · 3 views

CVE-2024-36493

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasic functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS · 7.5 AI score · 0.01985 EPSS
Exploits 1 · References 1