Lucene search
K

41 matches found

RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.11 views

CVE-2025-66252

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

8.4CVSS6.9AI score0.00317EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.15 views

CVE-2025-66257

Unauthenticated Arbitrary File Deletion patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files...

9.2CVSS7.2AI score0.00335EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/27 12:58 a.m.11 views

CVE-2025-66260

PostgreSQL SQL Injection statussql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in statussql.php. The statussql.php endpoint constructs...

7.2CVSS8.3AI score0.00268EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/26 3:30 a.m.5 views

EUVD-2025-199679

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS8.2AI score0.02089EPSS
Exploits1References2
NVD
NVD
added 2025/11/26 1:16 a.m.7 views

CVE-2025-66261

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

9.9CVSS0.02089EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.6 views

CVE-2025-66256

Unauthenticated Arbitrary File Upload patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patchcontents.php allows uploading malicious files...

9.9CVSS0.00382EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.6 views

CVE-2025-66254

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

9.1CVSS0.00335EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.6 views

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz...

9.1CVSS0.00426EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.12 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS0.00331EPSS
Exploits1References1
NVD
NVD
added 2025/11/26 1:16 a.m.5 views

CVE-2025-66250

Unauthenticated Arbitrary File Upload statuscontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/statuscontents.php...

9.8CVSS0.00382EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/26 12:50 a.m.10 views

CVE-2025-66262 Arbitrary File Overwrite via Tar Extraction Path Traversal

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive...

9.3CVSS0.01246EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/26 12:48 a.m.5 views

EUVD-2025-199673

PostgreSQL SQL Injection statussql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in statussql.php. The statussql.php endpoint constructs...

7.2CVSS7.8AI score0.00268EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/26 12:46 a.m.5 views

EUVD-2025-199669

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

9.3CVSS7AI score0.00577EPSS
Exploits1References2
CVE
CVE
added 2025/11/26 12:45 a.m.11 views

CVE-2025-66258

Summary: CVE-2025-66258 describes a Stored XSS via XML Injection in DB Electronica Mozart FM Transmitter family (versions 30–7000). User-controlled filenames are concatenated into patchlist.xml without encoding, enabling injected JavaScript payloads (e.g., ). The XSS executes when ajax.js process...

7.1CVSS5.5AI score0.00164EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/11/26 12:43 a.m.10 views

CVE-2025-66257 Unauthenticated Arbitrary File Deletion (patch_contents.php)

Unauthenticated Arbitrary File Deletion patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files...

9.2CVSS0.00335EPSS
Exploits1References1
CVE
CVE
added 2025/11/26 12:43 a.m.12 views

CVE-2025-66257

Affects DB Electronica Mozart FM Transmitter series (versions 30–7000). The deletepatch parameter in patch_contents.php allows unauthenticated deletion of arbitrary files in /var/www/patch/ due to lack of sanitization and access checks, per CVE-2025-66257 notes across NVD/Red Hat/CIRCL/CVE lists....

9.2CVSS6.8AI score0.00335EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/11/26 12:41 a.m.20 views

CVE-2025-66256

The CVE concerns a vulnerability in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter series (versions 30–7000) where the /var/tdf/patch_contents.php endpoint allows unauthenticated, unrestricted file uploads. There is no file type validation, MIME checking, or size restriction beyond...

9.9CVSS6.9AI score0.00382EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/11/26 12:39 a.m.9 views

CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php)

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS0.00331EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/26 12:39 a.m.1 views

CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php)

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9CVSS8AI score0.00331EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/26 12:37 a.m.10 views

CVE-2025-66254 Unauthenticated Arbitrary File Deletion (upgrade_contents.php)

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

7.8CVSS0.00335EPSS
Exploits1References1
Rows per page
Query Builder