Lucene search
K

255 matches found

CNVD
CNVD
added 2023/04/21 12:0 a.m.6 views

Checkmk Information Disclosure Vulnerability (CNVD-2023-32192)

Checkmk is an editor. An information disclosure vulnerability exists in the Checkmk Appliance that stems from inadequate protection of sensitive information in Webconf. An attacker could exploit the vulnerability by reading log files to retrieve passwords...

5.5CVSS6.1AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.5 views

PT-2023-19051 · Seiko Epson · Seiko Epson Printers/Network Interface Web Config

Name of the Vulnerable Software and Affected Versions: SEIKO EPSON printers/network interface Web Config affected versions not specified Description: A cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with administrativ...

4.8CVSS6AI score0.00499EPSS
Exploits0References5
OSV
OSV
added 2023/03/31 4:15 p.m.5 views

CVE-2023-0432

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...

9CVSS7.4AI score0.01142EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/31 3:51 p.m.31 views

CVE-2023-0432 CVE-2023-0432

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...

9.6AI score0.01142EPSS
Exploits0References1
CVE
CVE
added 2023/03/31 3:51 p.m.56 views

CVE-2023-0432

The CVE-2023-0432 issue affects Delta Electronics DX-2100-L1-CN routers, where the Web Configuration Service contains an authenticated command injection vulnerability. Exploitation could allow an attacker with web service credentials to execute OS commands as root, potentially compromising the de...

9CVSS9.5AI score0.01142EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/31 3:51 p.m.10 views

CVE-2023-0432 CVE-2023-0432

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...

7.9AI score0.01142EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/03/06 12:0 a.m.6 views

The vulnerability of the web configuration service of Delta Electronics DX-2100-L1-CN microprogrammed router software allows a hacker to execute arbitrary code.

The vulnerability of the web configuration service of Delta Electronics DX-2100-L1-CN microprogrammed router software exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS8.1AI score0.01142EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/10 12:0 a.m.5 views

PT-2025-6090 · Tenda · Tenda W18E

Name of the Vulnerable Software and Affected Versions: Tenda W18E version 16.01.0.81625 Description: The issue concerns Incorrect Access Control, allowing an attacker to send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function. This enables unauthorized changes to WiFi...

8.8CVSS7AI score0.0063EPSS
Exploits1References9
OSV
OSV
added 2023/02/06 9:15 p.m.4 views

CVE-2022-48311

UNSUPPORTED WHEN ASSIGNED Cross Site Scripting XSS in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products tha...

9CVSS5.8AI score0.01006EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/03 12:0 a.m.5 views

Delta Electronics DX-2100 Series 跨站脚本漏洞

The Delta Electronics DX-2100 Series is a router from Delta Electronics China. A security vulnerability exists in Delta Electronics DX-2100-L1-CN version 1.5.0.10, which is caused due to a security issue in the "net diagnosis" function in the Web Configuration Service, and can be exploited in the...

9CVSS8.6AI score0.01142EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.17 views

Siemens SCALANCE X Authentication Bypass (CVE-2019-13933)

A vulnerability has been identified in SCALANCE X204RNA HSR, SCALANCE X204RNA PRP, SCALANCE X204RNA EEC HSR, SCALANCE X204RNA EEC PRP, SCALANCE X204RNA EEC PRP/HSR, SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-...

8.6CVSS7.7AI score0.01389EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2022/12/09 12:0 a.m.338 views

Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS

CyberDanube Security Research 20221130-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Delta Electronics DX-2100-L1-CN vulnerable version| V1.5.0.10 fixed version| V1.5.0.12 CVE number| - impact| High homepage|...

0.7AI score
Exploits0
OSV
OSV
added 2022/11/29 2:15 p.m.6 views

UBUNTU-CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

8.8CVSS7.3AI score0.01166EPSS
Exploits1References9
NVD
NVD
added 2022/09/12 6:15 p.m.25 views

CVE-2022-37860

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability...

9.8CVSS0.80012EPSS
Exploits1References2
Prion
Prion
added 2022/09/12 6:15 p.m.18 views

Command injection

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability...

7.5CVSS9.7AI score0.80012EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/07/20 4:15 p.m.20 views

CVE-2022-1264

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...

8.8CVSS0.00818EPSS
Exploits0References1
OSV
OSV
added 2022/07/20 4:15 p.m.3 views

CVE-2022-1264

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...

8.8CVSS5.9AI score0.00818EPSS
Exploits0References1
Prion
Prion
added 2022/07/20 4:15 p.m.11 views

Code injection

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...

6.5CVSS8.7AI score0.00818EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/07/20 3:34 p.m.55 views

CVE-2022-1264

Path traversal vulnerability CVE-2022-1264 affects Inductive Automation Ignition. An attacker with network access to the Ignition web configuration could run arbitrary code. Affected products: Ignition all 8.0 versions after 8.0.4, and all 8.1 versions prior to 8.1.10. MITIGATIONS: upgrade to Ign...

8.8CVSS7.7AI score0.00818EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/07/20 3:34 p.m.25 views

CVE-2022-1264 Inductive Automation Ignition

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...

6.8CVSS8.8AI score0.00818EPSS
Exploits0References1
Rows per page
Query Builder