143 matches found
D-Link DAP-1325 Insecure Direct Object Reference
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
CVE-2023-28648
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
CVE-2023-28712
Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions...
CVE-2023-28718
Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
Design/Logic Flaw
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...
Design/Logic Flaw
Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...
CVE-2023-28395
Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...
CVE-2023-27394 CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
PT-2023-7104 · Unknown · Osprey Pump Controller
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to the use of hardcoded credentials in the Osprey Pump Controller software. This allows a remote attacker to gain full access to the web management interface configuration...
Osprey Pump Controller 安全漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01. An attacker can exploit this vulnerability to obtain arbitrary files and sensitive system information from an affected device using GET parameters...
Osprey Pump Controller 操作系统命令注入漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary shell...
Osprey Pump Controller 跨站脚本漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from input that is not properly filtered before being returned to the user. An attacker could exploit this vulnerability to execute arbitrary HTML/JS code...
Osprey Pump Controller 跨站请求伪造漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01. An unauthorized attacker could exploit this vulnerability to perform operations with administrative privileges...
Osprey Pump Controller 授权问题漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the use of an alternate path or channel to bypass authentication, and can be exploited by an attacker to gain unauthorized access to the system...
Osprey Pump Controller 操作系统命令注入漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...
PT-2023-7429 · Unknown · Osprey Pump Controller
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue is related to an unauthenticated OS command injection vulnerability. This vulnerability can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter...
PT-2023-7479 · Unknown · Osprey Pump Controller
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01 Description: The issue exists due to insufficient input validation in the software of Osprey Pump Controller, allowing a remote attacker to gain unauthorized access to the device. This vulnerability could...
CVE-2023-24097
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
CVE-2022-47065
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...