50 matches found
PT-2024-28751 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua products affected versions not specified Description: A vulnerability has been found in Dahua products, allowing attackers to send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash...
PT-2024-28747 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua products affected versions not specified Description: A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface wi...
PT-2024-10190 · Fortinet · Fortianalyzer +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager, FortiAnalyzer versions 6.2.10 through 6.2.13 Fortinet FortiManager, FortiAnalyzer versions 7.0.2 through 7.0.12 Fortinet FortiManager, FortiAnalyzer versions 7.2.0 through 7.2.5 Fortinet FortiManager, FortiAnalyzer...
CVE-2024-22131
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
The vulnerability of the HNAP1 interface in D-Link DIR-822 microprogrammed router software allows a hacker to gain access to administrator accounts with empty passwords.
The vulnerability of the HNAP1 interface of D-Link DIR-822 microprogrammed router software is related to the absence of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to access administrator accounts with empty passwords...
CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...
CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...
CVE-2023-27897
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform...
PT-2023-21404 · Sap · Sap Crm
Name of the Vulnerable Software and Affected Versions: SAP CRM versions 700 through 713 Description: The issue allows an authenticated attacker with a non-administrative role and common remote execution authorization to use a vulnerable interface and execute an application function, performing...
CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
CVE-2022-30564
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time...
CVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information...
CVE-2022-45427
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files...
CVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information...
CVE-2022-45426
Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files...
Dahua software products 访问控制错误漏洞
Dahua software products are a family of applications from Dahua Corporation Dahua of China. A security vulnerability exists in several Dahua software products that stems from an unauthenticated request for an AES encryption key that allows an attacker to obtain an AES encryption key by sending a...
LZ4 缓冲区错误漏洞
LZ4 is a lossless compression algorithm. A security vulnerability exists in LZ4 that stems from the use of a C API that is vulnerable to memory corruption. An attacker can exploit the vulnerability to execute arbitrary code...
PT-2022-27513 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified Description: The issue allows for an unauthenticated restart of the remote DSS Server. An attacker can bypass the firewall access control policy by sending a specific crafted packet to t...
PT-2022-27512 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified Description: The issue allows an attacker to enable or disable the SSHD service without authentication. This can be achieved by sending a crafted packet to the vulnerable interface after...