Lucene search
K

48 matches found

RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.15 views

CVE-2025-66259

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

9.8CVSS7.4AI score0.00577EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.10 views

CVE-2025-66262

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive...

9.8CVSS7.4AI score0.01246EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.14 views

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz...

9.1CVSS7AI score0.00426EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.15 views

CVE-2025-66253

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS8.6AI score0.02089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.11 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.6AI score0.00344EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.10 views

CVE-2025-66250

Unauthenticated Arbitrary File Upload statuscontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/statuscontents.php...

9.8CVSS7.3AI score0.00382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.16 views

CVE-2025-66261

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

9.9CVSS9.1AI score0.02089EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.13 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS5.8AI score0.00164EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/26 3:30 a.m.6 views

EUVD-2025-199676

Unauthenticated Arbitrary File Upload patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patchcontents.php allows uploading malicious files...

9.9CVSS6.8AI score0.00382EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/26 3:30 a.m.5 views

EUVD-2025-199678

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

7.8CVSS6.7AI score0.00335EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/26 3:30 a.m.5 views

EUVD-2025-199680

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

8.4CVSS6.4AI score0.00317EPSS
Exploits1References2
NVD
NVD
added 2025/11/26 1:16 a.m.9 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS0.00344EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.5 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS0.00164EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.9 views

CVE-2025-66252

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

8.4CVSS0.00317EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/26 12:52 a.m.3 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.2AI score0.00344EPSS
Exploits1References1
CVE
CVE
added 2025/11/26 12:50 a.m.17 views

CVE-2025-66262

CVE-2025-66262 affects DB Electronica Mozart FM Transmitter series (versions 30–7000). The root cause is tar extraction using -C / in restore_mozzi_memories.sh, which writes extracted files to the filesystem root without path validation. When combined with unauthenticated file upload vulnerabilit...

9.8CVSS7AI score0.01246EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/11/26 12:49 a.m.6 views

EUVD-2025-199672

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

9.9CVSS8.3AI score0.02089EPSS
Exploits1References2
CVE
CVE
added 2025/11/26 12:49 a.m.13 views

CVE-2025-66261

CVE-2025-66261 describes an unauthenticated OS command injection in DB Electronica Mozart FM Transmitter devices (models 30–7000) via the /var/tdf/restore_settings.php endpoint. The vulnerability occurs because the user-controlled GET parameter name is URL-decoded and passed directly to exec() wi...

9.9CVSS8.4AI score0.02089EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/11/26 12:48 a.m.13 views

CVE-2025-66260

The CVE-2025-66260 entry concerns the DB Electronica Mozart FM Transmitter product line (versions 30–7000). The root cause is SQL injection in status_sql.php: the endpoint constructs UPDATE statements by directly concatenating user-supplied sw1 and sw2 parameters instead of using parameterized qu...

7.2CVSS7.9AI score0.00268EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/26 12:46 a.m.4 views

CVE-2025-66259 Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

9.3CVSS7.1AI score0.00577EPSS
Exploits1References1
Rows per page
Query Builder