29 matches found
Microchip TimeProvider 4100 安全漏洞
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 versions prior to 2.5, which stems from improper neutralization of special elements and could lead to an SQL injection attack...
Microchip TimeProvider 4100 安全漏洞
Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in Microchip TimeProvider 4100 versions prior to 2.5, which stems from improper neutralization of special elements and could lead to OS command injection...
EUVD-2024-40422
Malicious code in bioql PyPI...
EUVD-2024-40421
Malicious code in bioql PyPI...
EUVD-2024-40419
Malicious code in bioql PyPI...
CVE-2024-43687
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting
Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...
CVE-2024-7801
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43687
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...
CVE-2024-43685
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43684
Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43684
Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43683
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43683 Improper verification of the Host header in TimeProvider 4100
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43684
Microchip TimeProvider 4100 is affected by a CSRF vulnerability (also enabling XSS). Affected: TimeProvider 4100, versions 1.0 and later. Root cause: CSRF/XSS issues on the device allow unauthorized actions. Impact: high in both confidentiality and integrity; availability also at risk per CVSS da...
CVE-2024-43685 Session token fixation in TimeProvider 4100
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43685
The CVE-2024-43685 issue affects Microchip TimeProvider 4100 login modules (versions 1.0 through 2.4.7). Root cause is improper authentication, enabling session hijacking. Affected product: TimeProvider 4100. Impact is session hijacking risk due to inadequate authentication in login modules. Reme...
CVE-2024-43686
CVE-2024-43686 affects Microchip TimeProvider 4100 data plot modules. Vulnerable in TimeProvider 4100 versions 1.0 through before 2.4.7; condition is improper neutralization of input during web page generation, resulting in reflected XSS. Connected sources specify an affected product scope and th...