84 matches found
CVE-2023-23572
CVE-2023-23572 is a stored cross-site scripting vulnerability in SEIKO EPSON printers’ and network interface Web Config (Remote Manager) affecting the Web Config component pre-installed on some printers/network interfaces. A remote authenticated attacker with administrative privileges can inject ...
Command injection
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
JVN#82424996: Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config
Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...
PT-2023-18508 · Unknown · Kenny2Automate
Name of the Vulnerable Software and Affected Versions: kenny2automate versions prior to commit a947d7c Description: The issue concerns a Discord bot where form elements in the web interface for server settings were generated with Discord channel IDs as part of input names. No validation was...
CVE-2022-37860
The CVE-2022-37860 issue affects the TP-Link M7350 V3 web configuration interface (firmware version 190531). All connected documents describe a pre-authentication command injection vulnerability in the web UI, stemming from insufficient input/data handling at the management level. Impact stated a...
Exploit for Path Traversal in Solutions-Atlantic Regulatory_Reporting_System
CVE-2022-29597: Local File Inclusion in RSS v500 The RRSht...
CVE-2022-23377
Archeevo below 5.0 is affected by local file inclusion through file=/web.config to allow an attacker to retrieve local files...
@abc.xyz/drop-down-treeview (>=0.0.15 <=0.0.16), @abcpros/bitcore-build (>=8.25.29 <=8.25.30) +1332 more potentially affected by CVE-2022-0437 via karma (>=0.10.2 <=6.3.13)
karma NPM version =0.10.2, =0.0.15, =8.25.29, =1.0.0, =0.1.1, =0.1.14, =1.0.2, =1.0.0, =1.2.0, =0.2.0-preview.3, =5.0.0, =0.23.0, =2.3.0, =2.11.0 and more Source cves: CVE-2022-0437 Source advisory: OSV:GHSA-7X7C-QM48-PQ9C...
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...
CVE-2021-39392
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
CVE-2020-18885
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...
PT-2021-10249 · Phpmywind · Phpmywind
Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6 Description: The issue allows remote attackers to execute arbitrary code via the "text color" field of the component "/admin/web config.php". Recommendations: For PHPMyWind version 5.6, consider disabling access to the...
CVE-2020-18229
CVE-2020-18229 affects PHPMyWind v5.5 with a Cross Site Scripting (XSS) vulnerability in the /admin/web_config.php component, where injecting scripts into the parameter $cfg_copyright allows remote attackers to execute arbitrary code. The connected documents consistently describe the flaw as an X...
CVE-2019-19837
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests...
PT-2019-15960 · Telerik · Telerik Ui For Asp.Net Ajax
Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions all versions of RadChart Description: The issue allows a remote attacker to read and delete specific image files on the server through a specially crafted request, exploiting path traversal in RadChart. Th...
PT-2018-3326 · Abb · Abb Esoms
Name of the Vulnerable Software and Affected Versions: ABB eSOMS version 6.0.2 Description: The issue is related to the incorrect operation of the authentication mechanism in ABB eSOMS. This can allow a remote attacker to gain unauthorized access to the system if LDAP is configured for anonymous...
Code injection
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via 1 the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or 2 vectors involving curl support of the "file" schema in the...
Absolute News Manager .NET 5.1 pages/default.aspx template Variable Remote File Access
No description provided by source. source: http://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal...