Q-Free MAXTIME Suite Security Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions. An attacker could exploit the vulnerability to overwrite arbitrary files via a specially crafted HTTP request...
Q-Free MAXTIME Suite Access Control Error Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/accounts/routes.lua. An...
PT-2025-6833 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime version 2.11.0 and earlier Description: A CWE-346 "Origin Validation Error" in the CORS configuration allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs o...
Q-Free MAXTIME Suite Access Control Error Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/persistance/routes.lua. ...
CVE-2024-38944
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...
PT-2024-28286 · Intelight · Intelight X-1L Traffic Controller Maxtime
Name of the Vulnerable Software and Affected Versions: Intelight X-1L Traffic controller Maxtime version 1.9.6 Description: An issue in the Intelight X-1L Traffic controller Maxtime allows a remote attacker to execute arbitrary code via the "/cgi-bin/generateForm.cgi?formID=142" component. There...
CVE-2024-38944
CVE-2024-38944 affects Intelight X-1L Traffic Controller Maxtime v1.9.6. A remote attacker can execute arbitrary code through the web-based UI endpoint "/cgi-bin/generateForm.cgi?formID=142". Multiple sources corroborate RCE potential (e.g., ExploitDB report references remote code execution; vend...
Leap year not accounted for OLAS and veOLAS contract
Lines of code Vulnerability details Impact OLAS and veOLAS contract does not account for years with 366 days in its state variables uint256 public constant oneYear = 1 days * 365; and uint256 internal constant MAXTIME = 4 * 365 * 86400; The problem with this is that, in OLAS.sol, minter can exceed...
DEBIAN-CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...
UBUNTU-CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...
PT-2023-20439 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder versions prior to 1.36.33 ZoneMinder versions prior to 1.37.33 Description: The issue is related to an SQL Injection in ZoneMinder, a free, open source Closed-circuit television software application for Linux. The minTime and maxTi...
In VeAssetDepositor constructor if deployer set wrong value for maxTime or if maxTime in veAsset project changes then funds can be locked in VeAssetDepositor and contract will be in broken state
Lines of code Vulnerability details Impact Contract VeAssetDepositor locks funds in veAsset Project for maxTime. veAsset project has its own maxTime and users can lock tokens bigger than that amount if they try to that the transaction will fail. In VeAssetDepositor's constructor the deployer set...
ConcentratedLiquidityPoolManager: incorrect calculation of secondsUnclaimed
Handle hickuphh3 Vulnerability details Impact The subtraction of secondsClaimed should be performed after the left shifting of bits in uint256 secondsUnclaimed = maxTime - incentive.startTime << 128 - incentive.secondsClaimed; Recommended Mitigation Steps uint256 secondsUnclaimed = maxTime -...