53 matches found
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...
EUVD-2023-49516
Malicious code in bioql PyPI...
EUVD-2023-44753
Malicious code in bioql PyPI...
EUVD-2023-50033
Malicious code in bioql PyPI...
EUVD-2023-43092
Malicious code in bioql PyPI...
EUVD-2023-47906
Malicious code in bioql PyPI...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
The vulnerability of the /cgi-bin/upload_config.cgi file in the web interface of the Peplink Smart Reader time tracking and bandwidth management system allows a perpetrator to alter the configuration settings.
The vulnerability of the /cgi-bin/uploadconfig.cgi file of the Peplink Smart Reader web interface is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify configurations by sending a specially crafted HTTP request...
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Cisco Talos Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files. The Peplink Smart...
The vulnerability of the mac2name function in the web interface of the work time and bandwidth management system, Peplink Smart Reader, allows a violator to execute arbitrary code.
The vulnerability of the mac2name function in the web interface of the work time and bandwidth management system Peplink Smart Reader exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacke...
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...