1746 matches found

Vulnrichment
added 2024/06/21 12:0 a.m. | 12 views

CVE-2024-37654

An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...

AI score 6.6 | EPSS 0.0013
Exploits 0 | References 1

Zero Day Initiative
added 2024/06/21 12:0 a.m. | 22 views

(Pwn2Own) Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of...

CVSS 8.8 | AI score 7.5 | EPSS 0.00156
Exploits 0 | References 1

OSV
added 2024/05/28 7:15 p.m. | 1 views

CVE-2023-43843

Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request...

CVSS 7.3 | AI score 5.8 | EPSS 0.00788
Exploits 1 | References 1

NVD
added 2024/05/28 7:15 p.m. | 8 views

CVE-2023-43843

Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request...

CVSS 7.3 | AI score 6.3 | EPSS 0.00788
Exploits 1 | References 1

Cvelist
added 2024/05/28 6:16 p.m. | 14 views

CVE-2023-43843

Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request...

AI score 6.3 | EPSS 0.00788
Exploits 1 | References 1

CNNVD
added 2024/05/28 12:0 a.m. | 3 views

Multiple Anpviz Products Security Vulnerability

Anpviz IPC is a series of network cameras from Anpviz. A security vulnerability exists in multiple Anpviz products that originates from a vulnerability that allows an unauthenticated attacker to download arbitrary files from the device's filesystem to /reloading/URI via an HTTP GET request. Affect...

CVSS 9.8 | AI score 7 | EPSS 0.00362
Exploits 0 | References 3

Tenable Nessus
added 2024/05/22 12:0 a.m. | 28 views

Fortinet FortiWeb Path traversal in API handler (FG-IR-22-136)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-136 advisory. - A relative path traversal vulnerability CWE-23 in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may...

CVSS 6.5 | AI score 6.5 | EPSS 0.0046
Exploits 0 | References 2

Tenable Nessus
added 2024/05/22 12:0 a.m. | 23 views

Fortinet Fortigate Unauthenticated access to static files containing logging information (FG-IR-22-364)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-364 advisory. - An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in Fortinet FortiProxy version 7.2.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00861
Exploits 0 | References 2

Exploit DB
added 2024/05/19 12:0 a.m. | 317 views

PopojiCMS 2.0.1 - Remote Command Execution (RCE)

Exploit Title: PopojiCMS 2.0.1 - Remote Command Execution Date: 14/04/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

AI score 7.4
Exploits 0

NVD
added 2024/04/04 2:15 a.m. | 12 views

CVE-2024-3274

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation...

CVSS 5.3 | AI score 5.2 | EPSS 0.57871
Exploits 0 | References 5

Vulnrichment
added 2024/04/04 1:31 a.m. | 10 views

CVE-2024-3274 D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation...

CVSS 5.3 | AI score 6.5 | EPSS 0.57871
Exploits 0 | References 5

NVD
added 2024/04/04 1:15 a.m. | 14 views

CVE-2024-3272

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The...

CVSS 10 | AI score 9.7 | EPSS 0.94113
Exploits 2 | References 5

Vulnrichment
added 2024/04/04 1:0 a.m. | 32 views

CVE-2024-3273 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

CVSS 7.5 | AI score 7.3 | EPSS 0.94425
Exploits 8 | References 5

Cvelist
added 2024/04/04 1:0 a.m. | 18 views

CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The...

CVSS 10 | AI score 9.8 | EPSS 0.94113
Exploits 2 | References 4

Vulnrichment
added 2024/04/04 1:0 a.m. | 20 views

CVE-2024-3272 D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The...

CVSS 10 | AI score 9.6 | EPSS 0.94113
Exploits 2 | References 4

ATTACKERKB
added 2024/04/04 12:0 a.m. | 36 views

CVE-2024-3273

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

CVSS 9.8 | AI score 7.7 | EPSS 0.94425
In wild | Exploits 8 | References 7

NVD
added 2024/04/02 3:15 a.m. | 5 views

CVE-2024-3160

DISPUTED A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to...

CVSS 5.3 | AI score 5.1 | EPSS 0.00144
Exploits 0 | References 4

CVE
added 2024/04/02 2:31 a.m. | 49 views

CVE-2024-3160

Intelbras MHDX series (1004, 1008, 1016, 5016) and HDCVI 1008/1016 are reported to be affected by a vulnerability in the HTTP GET Request Handler, involving an unknown part of the file /cap.js. The flaw enables information disclosure and can be triggered remotely. Affected versions are up to 2024...

CVSS 5.3 | AI score 5.1 | EPSS 0.00144
Exploits 0 | References 4

Cvelist
added 2024/04/02 2:31 a.m. | 19 views

CVE-2024-3160 Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure

DISPUTED A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to...

CVSS 5.3 | AI score 5.4 | EPSS 0.00144
Exploits 0 | References 4

Packet Storm
added 2024/03/22 12:0 a.m. | 353 views

Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.STOP.Ransomware smokeloader Vulnerability: Remote Code Execution MITM Family: Stop...

AI score 7.4
Exploits 0