49 matches found
UKcms Cross-Site Request Forgery Vulnerability
Lingji Network Technology UKcms is a PHP-based content management system CMS by China Lingji Network Technology. A cross-site request forgery vulnerability exists in UKcms v1.1.10, which originates from a WEB application that does not adequately validate whether a request comes from a trusted use...
WSD-T13 Cloud Storage Camera (Android client) suffers from an override access vulnerability (CNVD-2019-06647)
Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. WSD-T13 Cloud Storage Camera Android client suffers from an overstepping access vulnerability. The vulnerability is due to the server on the client request data...
The vulnerability of the remote procedure call handler “arpc_Span” in the atlcore_.dll library of the resource management system of the Galaktika ERP system allows a malicious actor to read data from the memory of the server process.
The vulnerability of the process handler for remote procedure calls in the “arpcSpan” module of the atlcore.dll library of the resource management system of the Galaktika ERP system is related to the lack of validation for the correctness of received requests. Exploiting this vulnerability allows...
PT-2018-12689 · Webpack · Webpack-Dev-Server
Name of the Vulnerable Software and Affected Versions: webpack-dev-server versions prior to 3.1.10 webpack-dev-server versions prior to 3.1.6 Description: An issue in the WebSocket server used for Hot Module Replacement HMR allows attackers to steal a developer's source code because the origin of...
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery
input type="hidden" name="pw2" value="P@ss...
The vulnerability of the Citrix NetScaler delivery mechanism, related to insufficient validation of incoming requests, allows a attacker to execute arbitrary commands with root privileges.
The vulnerability of the Citrix NetScaler web application delivery mechanism lies in insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor, operating remotely with webapp privileges, to gain access to the nsroot account and execute arbitrary commands...
SonicDICOM PACS Cross-Site Request Forgery Vulnerability
SonicDICOM is a PACS software from JIUN Corporation that combines the functionality of DICOM with a web browser based on DICOM Viewer. A cross-site request forgery vulnerability exists in SonicDICOM. The application program interface allows a user to perform certain actions via an HTTP request...
Moxa NPort Cross-Site Request Forgery Vulnerability
MOXA Nport is a serial communication server. A cross-site request forgery vulnerability exists in Moxa NPort. An attacker can exploit the vulnerability to launch a cross-site request attack because a user-submitted request is not validated...
Authentication flaw
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...