888 matches found
SQL Injection Vulnerability in the Website Building System of Beijing Beyond Infinity Information Technology Co. Ltd (CNVD-2019-30355)
Beijing Beyond Infinity Information Technology is a company engaged in website construction. A SQL injection vulnerability exists in the website building system of Beijing Beyond Unlimited Information Technology Co. Attackers can utilize the vulnerability to obtain sensitive information of the...
CVE-2018-20817
SVSteamAuthClient in various Activision Infinity Ward Call of Duty games before 2015-08-11 is missing a size check when reading authBlob data into a buffer, which allows one to execute code on the remote target machine when sending a steam authentication request. This affects Call of Duty: Modern...
CVE-2018-20817
CVE-2018-20817 affects SV_SteamAuthClient in multiple Activision Infinity Ward Call of Duty titles (MW2, MW3, Ghosts, AW, Black Ops 1/2) released before 2015-08-11. The root cause is a missing size check when reading authBlob data into a buffer, enabling remote code execution via a crafted steam ...
Design/Logic Flaw
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the...
Default configuration
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient...
CVE-2018-19010
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient...
CVE-2018-19012
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker ...
Design/Logic Flaw
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker ...
CVE-2018-19012
The CVE-2018-19012 issue affects Dräger Infinity Delta, Delta XL, Kappa, and Infinity Explorer C700 (all versions). The root cause is improper privilege management in a dialog that allows breaking out of kiosk mode, enabling an attacker to reach the underlying OS and take control of the system. T...
CVE-2018-19012
Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker ...
Dräger Infinity Delta
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Dräger Equipment: Infinity Delta Vulnerabilities: Improper Input Validation, Information Exposure Through Log Files, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
infinity-residence2.com XSS vulnerability
Open Bug Bounty ID: OBB-669786 Description| Value ---|--- Affected Website:| infinity-residence2.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
infinity-club.de XSS vulnerability
Open Bug Bounty ID: OBB-662736 Description| Value ---|--- Affected Website:| infinity-club.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-5384
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...
CVE-2018-5386
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak...
CVE-2018-5385
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...
CVE-2018-5384
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...
CVE-2018-5385
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...
CVE-2018-5386
Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak...
Sql injection
Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...