Lucene search

3632 matches found

Cvelist
added 2022/03/27 12:0 a.m. · 25 views

CVE-2022-26258

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution RCE vulnerability via HTTP POST to get set ccp...

AI score 10 · EPSS 0.81218
Exploits 1 · References 5

Vulnrichment
added 2022/03/27 12:0 a.m. · 6 views

CVE-2022-26258

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution RCE vulnerability via HTTP POST to get set ccp...

AI score 9.8 · EPSS 0.81218
Exploits 1 · References 5

Openbugbounty
added 2022/03/24 2:31 p.m. · 7 views

All Vulnerabilities for e-store.bluebrand.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| e-store.bluebrand.me ---|--- Open Bug...

AI score 6.3
Exploits 0

Packet Storm
added 2022/03/17 12:0 a.m. · 336 views

BuilderTorCTPHPRAT.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Remote Persistent XSS Family: TorCTPHPRAT Type: WebUI MD5:...

AI score 7.4
Exploits 0

0day.today
added 2022/03/15 12:0 a.m. · 185 views

Hades RAT Web Panel Cross Site Scripting Vulnerability

Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...

Exploits 0

Packet Storm
added 2022/03/14 12:0 a.m. · 258 views

Hades RAT Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5:...

Exploits 0

Positive Technologies
added 2022/03/14 12:0 a.m. · 5 views

PT-2022-5814 · Dingtian · Dingtian Dt-R002

Name of the Vulnerable Software and Affected Versions: Dingtian DT-R002 2CH relay devices with firmware 3.1.276A Description: The issue is related to the relay cgi.cgi script on Dingtian DT-R002 2CH relay devices, which allows an attacker to replay HTTP post requests without the need for...

CVSS 5.9 · AI score 5.9 · EPSS 0.10436
Exploits 5 · References 15

Huntr
added 2022/03/11 3:27 p.m. · 39 views

Remote Command Execution in uploading repository file

Description When uploading a file to the repository in Gogs, the treepath parameter is not been validated. The attacker can set treepath=/.git/ to upload file into the .git directory. Rewrite .git/config file and set core.sshCommand, which leads to remote command execution vulnerability. Proof of...

CVSS 6.5 · AI score 0.5 · EPSS 0.65237
Exploits 1 · References 1

Huntr
added 2022/03/11 6:12 a.m. · 37 views

Accounting User Can Download Patient Reports in openemr

Vulnerability Type Insecure Direct Object Reference Affected URL https://localhost/openemr/interface/patientfile/report/customreport.php Affected Parameters “Issue7” Authentication Required? Yes Issue Summary Non-privilege users accounting & front-office can download patient reports containing...

CVSS 4 · AI score 0.3 · EPSS 0.00865
Exploits 2 · References 1

Openbugbounty
added 2022/03/03 3:44 a.m. · 14 views

ncagr.gov Cross Site Scripting vulnerability OBB-2396168

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| ncagr.gov ---|--- Open Bug Bounty...

AI score 6.2
Exploits 0

Tenable Nessus
added 2022/03/03 12:0 a.m. · 95 views

Cisco NX-OS Software NX-API Command Injection (cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the NX-API feature that allows an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that ...

CVSS 9 · AI score 8.8 · EPSS 0.1455
Exploits 0 · References 5

Openbugbounty
added 2022/02/28 9:43 a.m. · 18 views

All Vulnerabilities for eca.europa.eu Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eca.europa.eu ---|--- Open Bug Bounty...

Exploits 0

Openbugbounty
added 2022/02/26 12:15 a.m. · 15 views

aa.eplace.eea.mass.gov IFRAME Injection vulnerability OBB-2384007

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| aa.eplace.eea.mass.gov ---|--- Open Bug...

Exploits 0

Prion
added 2022/02/24 7:15 p.m. · 13 views

Authentication flaw

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings...

CVSS 5 · AI score 5.7 · EPSS 0.01246
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2022/02/24 6:26 p.m. · 24 views

CVE-2020-14504

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings...

AI score 5.5 · EPSS 0.01246
Exploits 0 · References 1

CVE
added 2022/02/24 6:26 p.m. · 55 views

CVE-2020-14504

Rockwell Automation 1734-AENTR Series B/C are affected by CVE-2020-14504 due to an improper access control in the web interface that mishandles HTTP POST authentication, enabling a remote, unauthenticated attacker to modify configuration settings. Affected series and firmware info from sources in...

CVSS 5.3 · AI score 5.5 · EPSS 0.01246
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/02/23 6:15 p.m. · 22 views

CVE-2022-20650

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 9 · EPSS 0.1455
Exploits 0 · References 1

Cvelist
added 2022/02/23 5:40 p.m. · 24 views

CVE-2022-20650 Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 8.8 · AI score 9.1 · EPSS 0.1455
Exploits 0 · References 1

Vulnrichment
added 2022/02/23 5:40 p.m. · 21 views

CVE-2022-20650 Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 8.8 · AI score 7.7 · EPSS 0.1455
Exploits 0 · References 1

Cisco
added 2022/02/23 4:0 p.m. · 51 views

Cisco NX-OS Software NX-API Command Injection Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit thi...

CVSS 8.8 · AI score 8.9 · EPSS 0.1455
Exploits 0 · References 1