Q-Free MAXTIME Suite Security Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to enumerate valid usernames via a specially crafted HTTP request...
Q-Free MAXTIME Suite Security Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker exploiting this vulnerability cou...
PT-2025-7133 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to enable passwordless guest mode via crafted HTTP requests. This is d...
PT-2025-7154 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function in Q-Free MaxTime, specifically in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote...
PT-2025-6832
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0 Description: An "Observable Response Discrepancy" in the login page allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests. This issue is related to t...
PT-2025-7146 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: A Path Traversal issue in the maxtime/api/database/database.lua file allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. Recommendations: For versions...
PT-2025-7130 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. This is d...
PT-2025-7128 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: A missing authentication issue for a critical function in maxtime/handleRoute.lua allows an unauthenticated remote attacker to affect device confidentiality, integrity, or availability via...
PT-2025-7138 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0 Description: A Relative Path Traversal issue in the file upload mechanism allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests. This issue affects...
PT-2025-6831 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0 Description: The issue is related to a hard-coded password for the root account, allowing an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH. This...
PT-2025-7139 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0 Description: The issue allows an authenticated remote attacker to upload malicious files via crafted HTTP requests due to an unrestricted upload of files with dangerous types in the templat...
PT-2025-7137 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as SQL Injection. This occurs in the maxprofile/menu/model.lua file, specifically a...
PT-2025-7160 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authorization, allowing an authenticated attacker with low privileges to add users to groups via crafted HTTP requests. This is due to a problem in the...
PT-2025-7147 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to improper input validation, allowing an authenticated remote attacker to modify system configuration via crafted HTTP requests. This can be achieved by sending...
PT-2025-7136 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authentication issue for a critical function in maxprofile/menu/routes.lua allows an unauthenticated remote attacker to edit user permissions via crafted HTTP requests...
PT-2025-7165 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authorization issue in maxprofile/users/routes.lua allows an authenticated, low-privileged attacker to modify user data via crafted HTTP requests. Recommendations: For versions...
PT-2025-7155 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authentication for a critical function in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote attacker to disable front panel...
PT-2025-7148 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authentication for a critical function in the maxprofile/accounts/routes.lua file. This allows an unauthenticated remote attacker to reset user PINs via...
PT-2025-7162 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to a missing authorization error, allowing an authenticated attacker with low privileges to enumerate users through crafted HTTP requests to the...
PT-2025-7159 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authorization issue in maxprofile/user-groups/routes.lua allows an authenticated, low-privileged attacker to remove privileges from user groups via crafted HTTP requests...