665 matches found
CVE-2024-48214
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data...
PT-2024-33028 · Tuya · Kerui Hd 3Mp 1080P Tuya Camera
Name of the Vulnerable Software and Affected Versions: KERUI HD 3MP 1080P Tuya Camera version 1.0.4. Description: The issue concerns a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom,...
CVE-2024-48214
CVE-2024-48214 affects the Kerui HD 3MP 1080P Tuya Camera (version 1.0.4). The vulnerability is a command injection in the QR code–based local network connection module. An attacker can craft an unauthenticated QR code and abuse a JSON parameter (SSID or PASSWORD) to execute arbitrary code on the...
PT-2024-31741 · Gotenna · Gotenna Pro Atak Plugin
Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin, affected versions not specified. Description: The issue is related to the generation of passwords for sharing cryptographic keys, where the goTenna Pro ATAK Plugin does not utilize SecureRandom. Instead, it uses a rando...
CVE-2024-8914
The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for...
WordPress plugin Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...
WordPress Thanh Toán Quét Mã QR Code Tự Động plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Thanh Toán Quét Mã QR Code Tự Động versions <= 2.0.1...
WordPress Thanh Toán Quét Mã QR Code Tự Động Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Thanh Toán Quét Mã QR Code Tự Động; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8914; Patch priority: Low; CVSS severity: Low 7.1; PSID: 39d2756c43d9; Credits: Frances...
PT-2024-39315
Name of the Vulnerable Software and Affected Versions: Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress versions up to, and including, 2.0.1. Description: The issue is related to Stored Cross-Site Scripting due to the incorrect use of the w...
New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attacke...
New Unicode QR Code Phishing Scam Bypasses Traditional Security
Cybercriminals are exploiting Unicode QR codes in a new wave of phishing attacks. This sophisticated technique bypasses traditional...
CVE-2024-8172
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack...
CVE-2024-8172
SourceCodester QR Code Attendance System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the endpoint /endpoint/delete-student.php, triggered by manipulating the student/attendance parameter. The issue arises from handling user input and may be exploitable remotely; public exploi...
CVE-2024-8172 SourceCodester QR Code Attendance System delete-student.php cross site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack...
CVE-2024-8153
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated...
CVE-2024-8152
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting...
CVE-2024-8154
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tblbookmarkid/name/url leads to cross site...