Lucene search
K

84 matches found

CVE
CVE
added 2023/04/11 12:0 a.m.68 views

CVE-2023-23572

CVE-2023-23572 is a stored cross-site scripting vulnerability in SEIKO EPSON printers’ and network interface Web Config (Remote Manager) affecting the Web Config component pre-installed on some printers/network interfaces. A remote authenticated attacker with administrative privileges can inject ...

4.8CVSS5.2AI score0.00499EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/03/31 4:15 p.m.19 views

Command injection

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...

6CVSS9.3AI score0.01142EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/03/08 12:0 a.m.44 views

JVN#82424996: Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config

Web Config for printers/network interface provided by SEIKO EPSON CORPORATION contains multiple vulnerabilities listed below. Stored cross-site Scripting CWE-79 - CVE-2023-23572 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

6.5CVSS6.5AI score0.00499EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.5 views

PT-2023-18508 · Unknown · Kenny2Automate

Name of the Vulnerable Software and Affected Versions: kenny2automate versions prior to commit a947d7c Description: The issue concerns a Discord bot where form elements in the web interface for server settings were generated with Discord channel IDs as part of input names. No validation was...

6.5CVSS6.4AI score0.00548EPSS
Exploits0References7
CVE
CVE
added 2022/09/12 5:6 p.m.69 views

CVE-2022-37860

The CVE-2022-37860 issue affects the TP-Link M7350 V3 web configuration interface (firmware version 190531). All connected documents describe a pre-authentication command injection vulnerability in the web UI, stemming from insufficient input/data handling at the management level. Impact stated a...

9.8CVSS9.7AI score0.80012EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2022/04/21 8:22 p.m.8 views

Exploit for Path Traversal in Solutions-Atlantic Regulatory_Reporting_System

CVE-2022-29597: Local File Inclusion in RSS v500 The RRSht...

6.5CVSS7.2AI score0.01852EPSS
Exploits2
OSV
OSV
added 2022/03/01 1:15 p.m.1 views

CVE-2022-23377

Archeevo below 5.0 is affected by local file inclusion through file=/web.config to allow an attacker to retrieve local files...

7.5CVSS5.8AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/02/06 12:0 a.m.4 views

@abc.xyz/drop-down-treeview (>=0.0.15 <=0.0.16), @abcpros/bitcore-build (>=8.25.29 <=8.25.30) +1332 more potentially affected by CVE-2022-0437 via karma (>=0.10.2 <=6.3.13)

karma NPM version =0.10.2, =0.0.15, =8.25.29, =1.0.0, =0.1.1, =0.1.14, =1.0.2, =1.0.0, =1.2.0, =0.2.0-preview.3, =5.0.0, =0.23.0, =2.3.0, =2.11.0 and more Source cves: CVE-2022-0437 Source advisory: OSV:GHSA-7X7C-QM48-PQ9C...

6.1CVSS6AI score0.15174EPSS
Exploits1
ThreatPost
ThreatPost
added 2021/12/23 7:4 p.m.25 views

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...

7.4AI score
Exploits0References2
OSV
OSV
added 2021/09/15 5:15 p.m.5 views

CVE-2021-39392

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...

9.8CVSS6.1AI score0.02187EPSS
Exploits0References2
OSV
OSV
added 2021/08/20 2:15 p.m.4 views

CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...

7.2CVSS7.3AI score0.03871EPSS
Exploits1References2
NVD
NVD
added 2021/08/20 2:15 p.m.19 views

CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...

7.2CVSS0.03871EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/08/20 1:22 p.m.19 views

CVE-2020-18885

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/webconfig.php'...

7.6AI score0.03871EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/08/20 12:0 a.m.5 views

PT-2021-10249 · Phpmywind · Phpmywind

Name of the Vulnerable Software and Affected Versions: PHPMyWind version 5.6 Description: The issue allows remote attackers to execute arbitrary code via the "text color" field of the component "/admin/web config.php". Recommendations: For PHPMyWind version 5.6, consider disabling access to the...

7.2CVSS7.6AI score0.03871EPSS
Exploits1References4
CVE
CVE
added 2021/05/27 3:20 p.m.42 views

CVE-2020-18229

CVE-2020-18229 affects PHPMyWind v5.5 with a Cross Site Scripting (XSS) vulnerability in the /admin/web_config.php component, where injecting scripts into the parameter $cfg_copyright allows remote attackers to execute arbitrary code. The connected documents consistently describe the flaw as an X...

4.8CVSS5.3AI score0.00932EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/01/23 1:15 p.m.2 views

CVE-2019-19837

Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests...

5.3CVSS6.1AI score0.01994EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/12/13 12:0 a.m.6 views

PT-2019-15960 · Telerik · Telerik Ui For Asp.Net Ajax

Name of the Vulnerable Software and Affected Versions: Telerik UI for ASP.NET AJAX versions all versions of RadChart Description: The issue allows a remote attacker to read and delete specific image files on the server through a specially crafted request, exploiting path traversal in RadChart. Th...

9.8CVSS9.2AI score0.02991EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2018/08/10 12:0 a.m.5 views

PT-2018-3326 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS version 6.0.2 Description: The issue is related to the incorrect operation of the authentication mechanism in ABB eSOMS. This can allow a remote attacker to gain unauthorized access to the system if LDAP is configured for anonymous...

9.8CVSS9.7AI score0.04807EPSS
Exploits0References8
Prion
Prion
added 2017/12/19 3:29 p.m.11 views

Code injection

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via 1 the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or 2 vectors involving curl support of the "file" schema in the...

6.8CVSS6.3AI score0.02012EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Absolute News Manager .NET 5.1 pages/default.aspx template Variable Remote File Access

No description provided by source. source: http://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal...

7.1AI score
Exploits0
Rows per page
Query Builder