1958 matches found
CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...
CVE-2023-27126
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...
WordPress plugin Web Directory Free SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Design/Logic Flaw
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to...
PhoneSploit-Pro - An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session
An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB Android Debug Bridge and Metasploit-Framework. Complete Automation to get a Meterpreter session in One Click This tool can automatically Create , Install , and Run payload on the target device using...
PT-2023-12044 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: The issue is related to improper access control in the reporting engine of the l10n fr fec module. This allows remote authenticated users to extra...
Sql injection
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...
CVE-2023-28838
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...
UBUNTU-CVE-2023-28838
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...
CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server...
GLPI SQL注入漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2023-1137
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation...
Remote Code Execution
github.com/gitpod-io/gitpod is vulnerable to Remote Code Execution. The vulnerability exists due to cross-site WebSocket Hijacking because the Origin header is not restricted which allows an attacker to take over a workspace with stolen credentials or and extract data from a workplace...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
Cross site scripting
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
CVE-2023-0957 describes a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in Gitpod versions prior to release-2022.11.2.16. The issue arises because the Origin header is not restricted, allowing an attacker to initiate WebSocket connections to the Gitpod JSONRPC server using a victim’s crede...
SQL Injection at /front/report.dynamic.php
Description A SQL Injection vulnerability allow to guest user with reports view like "Technician" to extract all data from database and some cases write a webshell on the server. This vulnerability occurs because an insecure concatenation is taking place on this function:...
SUSE CVE-2017-14807
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...
SUSE CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...