93 matches found
CVE-2023-26317
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...
Command injection
A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an...
CVE-2023-26317 Xiaomi router external request interface has command injection
Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing...
Xiaomi router command injection vulnerability
Xiaomi router is a series of wireless routers from the Chinese company Xiaomi. Xiaomi routers suffer from a command injection vulnerability that stems from insufficient filtering of responses returned by the external interface, which can be exploited by an attacker to gain privileges by hijacking...
wfc-pkt-router security vulnerability
wfc-pkt-router is a software application. A security vulnerability exists in wfc-pkt-router that stems from the ability to incorrectly bind to an external network interface instead of a VPN tunnel...
SUSE CVE-2013-0648
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted...
CVE-2022-32740 Information disclosure in the External Interface
A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances...
CVE-2022-1004
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
Code injection
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
CVE-2022-1004 Information disclosure in the External Interface
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
CVE-2022-1004
CVE-2022-1004 affects OTRS and concerns an information disclosure where the Billing Time ExternalFrontend::TicketDetailView###AccountedTimeDisplay setting is shown in the Ticket Work Order details view even if the display is disabled. Multiple sources corroborate this, including NVD and CVE recor...
CVE-2021-42343
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on extern...
The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, related to access control deficiencies, allows an attacker to gain access to confidential internal services through an external interface.
The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential internal services through an external...
Input validation
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-1600 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-1601 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...