16600 matches found
CVE-2024-45587 Unauthorized Modification Vulnerability
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which...
CVE-2024-45587
The CVE-2024-45587 issue affects Symphony XTS Web Trading platform 2.0.0.1_P160, arising from improper access controls in the APIs of the Transaction module. An authenticated remote attacker could manipulate parameters via HTTP requests to compromise other user accounts. The vulnerability is docu...
CVE-2024-45586 Account Take Over Vulnerability
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-45586 Account Take Over Vulnerability
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-45586
CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...
CVE-2024-6343
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...
CVE-2024-5412
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50ABOM.8C0 could allow an unauthenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2024-6343
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series firmware versions from V4.16 through V5.38, and USG20W-VPN series firmware versions from V4.16 through...
CVE-2024-5412
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50ABOM.8C0 could allow an unauthenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2024-5412
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50ABOM.8C0 could allow an unauthenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a vulnerable device...
CVE-2024-5412
CVE-2024-5412 affects Zyxel VMG8825-T50K firmware 5.50(ABOM.8)C0, where a buffer overflow in the libclinkc library could allow an unauthenticated attacker to cause DoS by sending a crafted HTTP request. Connected sources confirm the component and impact; exploitation status is not detailed. Some ...
PT-2024-36053 · Zyxel · Zyxel Vmg8825-T50K
Name of the Vulnerable Software and Affected Versions: Zyxel VMG8825-T50K firmware version 5.50ABOM.8C0 Description: A buffer overflow vulnerability in the library "libclinkc" could allow an unauthenticated attacker to cause denial of service DoS conditions by sending a crafted HTTP request to a...
Log4Shell HTTP Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...
Supermicro Onboard IPMI Url_redirect.cgi Authenticated Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Supermicro Onboard IPMI urlredirect.cgi Authenticated Directory Traversal', 'Description' = %q This module abuses a directory...
Hashtable Collisions
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashtable Collisions', 'Description' = %q This module uses a denial-of-service DoS condition appearing in a variety of programming languages. Thi...
F5 BigIP Access Policy Manager Session Exhaustion Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BigIP Access Policy Manager Session Exhaustion Denial of Service', 'Description' = %q This module exploits a resource exhaustion denial of...
Brother Debut http Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brother Debut http Denial Of Service', 'Description' = %q The Debut embedded HTTP server MSFLICENSE, 'Author' = 'z00n ', vulnerability disclosure...
TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access', 'Description' = %q This module tests for directory traversal vulnerability in...
Monkey HTTPD Header Parsing Denial of Service (Denial of Service)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monkey HTTPD Header Parsing Denial of Service DoS', 'Description' = %q This module causes improper header parsing that leads to a segmentation...
NETGEAR Administrator Password Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR Administrator Password Disclosure', 'Description' = %q This module will collect the password for the admin user. The exploit will not...