151 matches found
CVE-2024-43011
An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary file...
CVE-2024-5911
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which...
PT-2024-5657
Name of the Vulnerable Software and Affected Versions Palo Alto Networks Panorama affected versions not specified Description The issue is related to an arbitrary file upload vulnerability, allowing an authenticated read-write administrator with access to the web interface to disrupt system...
Delta Electronics DIAEnergie
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely Vendor : Delta Electronics Equipment : DIAEnergie Vulnerabilities : Improper Authorization, SQL Injection, Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Zentao Security Breach
Nature Easy Soft Network Technology ZenTao is China's easy soft Tianchuang network technology Nature Easy Soft Network Technology company's open source project management software. The software includes product management, project management, quality management and document management functions. ...
CVE-2023-51079
DISPUTED A vulnerability was found in the ParseTools.subCompileExpression method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to...
CVE-2023-48375
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...
Denial Of Service (DoS)
libde265.so is vulnerable to Denial of Service DoS. The vulnerability is due to the slicesegmentheader function in the slice.cc component. An attacker is able to cause a DoS condition by crafting a specially crafted file and tricking the system into processing it. This could disrupt service on th...
CVE-2023-41353
CVE-2023-41353 affects Chunghwa Telecom Nokia G-040W-Q. The vulnerability is due to weak password requirements in the device, enabling a remote attacker with regular user privileges to infer the administrator password from system information after logging in, leading to admin access and arbitrary...
CVE-2023-41352 Chunghwa Telecom NOKIA G-040W-Q - Command Injection
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services...
CVE-2023-41346
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the syst...
CVE-2023-41345
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the...
Command injection
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...
Command injection
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system...
Command injection
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the...
CVE-2023-41348 ASUS RT-AX55 - command injection - 4
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...
CVE-2023-41347 ASUS RT-AX55 - command injection - 3
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system...
CVE-2023-41347 ASUS RT-AX55 - command injection - 3
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system...
CVE-2023-41346 ASUS RT-AX55 - command injection - 2
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the syst...
ASUS RT-AX55 Security Breach
The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from an insufficient special character filtering issue in the code-authentication module of the authentication-related functions. The vulnerability can be exploited ...