Lucene search
+L

143 matches found

Packet Storm
Packet Storm
added 2023/07/04 12:0 a.m.188 views

D-Link DAP-1325 Insecure Direct Object Reference

Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...

7.1AI score
Exploits0
OSV
OSV
added 2023/03/28 9:15 p.m.3 views

CVE-2023-28648

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...

6.1CVSS6AI score0.00835EPSS
Exploits1References1
OSV
OSV
added 2023/03/28 9:15 p.m.3 views

CVE-2023-28712

Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions...

9.8CVSS7.3AI score0.0123EPSS
Exploits1References1
OSV
OSV
added 2023/03/28 9:15 p.m.4 views

CVE-2023-28718

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...

8CVSS7.3AI score0.00254EPSS
Exploits1References1
OSV
OSV
added 2023/03/28 9:15 p.m.3 views

CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS6AI score0.18202EPSS
Exploits1References1
Prion
Prion
added 2023/03/28 9:15 p.m.23 views

Design/Logic Flaw

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...

5CVSS7.6AI score0.01537EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/03/28 9:15 p.m.20 views

Design/Logic Flaw

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...

5.8CVSS6.8AI score0.00835EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/03/28 8:15 p.m.3 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

7.5CVSS7.1AI score0.00649EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/03/28 8:5 p.m.46 views

CVE-2023-27394 CVE-2023-27394

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...

9.8CVSS10AI score0.18202EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.11 views

PT-2023-7104 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to the use of hardcoded credentials in the Osprey Pump Controller software. This allows a remote attacker to gain full access to the web management interface configuration...

10CVSS9.4AI score0.00771EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.4 views

Osprey Pump Controller 安全漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01. An attacker can exploit this vulnerability to obtain arbitrary files and sensitive system information from an affected device using GET parameters...

7.5CVSS7.7AI score0.01537EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.6 views

Osprey Pump Controller 操作系统命令注入漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary shell...

9.8CVSS8.9AI score0.18202EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.4 views

Osprey Pump Controller 跨站脚本漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from input that is not properly filtered before being returned to the user. An attacker could exploit this vulnerability to execute arbitrary HTML/JS code...

7.5CVSS6.8AI score0.00835EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.6 views

Osprey Pump Controller 跨站请求伪造漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01. An unauthorized attacker could exploit this vulnerability to perform operations with administrative privileges...

8CVSS7.9AI score0.00254EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.47 views

Osprey Pump Controller 授权问题漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the use of an alternate path or channel to bypass authentication, and can be exploited by an attacker to gain unauthorized access to the system...

9.8CVSS8.4AI score0.00892EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.4 views

Osprey Pump Controller 操作系统命令注入漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...

9.8CVSS8.9AI score0.01658EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.11 views

PT-2023-7429 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to an unauthenticated OS command injection vulnerability. This vulnerability can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter...

10CVSS9.8AI score0.01658EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.5 views

PT-2023-7479 · Unknown · Osprey Pump Controller

Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue exists due to insufficient input validation in the software of Osprey Pump Controller, allowing a remote attacker to gain unauthorized access to the device. This vulnerability could...

9.8CVSS9.7AI score0.0123EPSS
Exploits1References6
OSV
OSV
added 2023/01/23 3:15 p.m.6 views

CVE-2023-24097

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

8.8CVSS7.6AI score0.01039EPSS
Exploits1References1
NVD
NVD
added 2023/01/23 3:15 p.m.18 views

CVE-2022-47065

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

8.8CVSS9AI score0.01095EPSS
Exploits1References1
Rows per page
Query Builder