CVE-2020-36914

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

EUVD-2020-30835

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

CVE-2020-36898

Summary: CVE-2020-36898 affects QiHang Media Web Digital Signage 3.0.9, exposing an unauthenticated file-deletion vulnerability in the QH.aspx endpoint. The issue allows a remote attacker to delete arbitrary files by POSTing a radius of file paths using directory traversal via the data parameter,...

QiHang Media Web Digital Signage 代码问题漏洞

QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A code issue vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from a remote code execution in the QH.aspx file, which could lead to arbitrary command...

QiHang Media Web Digital Signage 安全漏洞

QiHang Media Web Digital Signage is a digital signage management software from China-based QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which originates from the presence of plaintext credentials in an unprotected XML file, which could lead to...

QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion

QiHang Media Web QH.aspx Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected version: 3.0.9.0 Summary: Digital Signage Software. Desc: Input...