330 matches found
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offers a...
CVE-2023-3675
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Secomea GateManager Web GUI allows Reading Data from System Resources. This issue affects GateManager: from 11.0.623074018 before 11.0.623373051...
CVE-2023-3675 Insufficient input validation when downloading certain file types.
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Secomea GateManager Web GUI allows Reading Data from System Resources. This issue affects GateManager: from 11.0.623074018 before 11.0.623373051...
CVE-2023-3675
CVE-2023-3675 affects Secomea GateManager (Web GUI). The issue is a path traversal vulnerability in GateManager that allows reading data from system resources. Affected versions are 11.0.623074018 up to, but not including, 11.0.623373051. The Root Cause and Verified Impact are described as improp...
RaspAP Code Injection Vulnerability
RaspAP is application software for simple wireless AP setup and management of Debian-based devices. RaspAP raspap-webgui version 3.0.9 suffers from a code injection vulnerability that stems from the parameter country in the file include/provider.php that can lead to code injection...
CVE-2023-5650
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN seri...
Privilege escalation
An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN seri...
CVE-2023-5650
CVE-2023-5650 describes an improper privilege management vulnerability in Zyxel ZySH that affects Zyxel ATP, USG FLEX (including 50(W)), USG20(W)-VPN, and VPN series firmware. An authenticated local attacker could exploit ZySH to modify the URL of the registration page in the device web GUI, enabl...
OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation Vulnerabilities
OPNsense versions 23.1.111, 23.7.3, and 23.7.4 suffer from cross site scripting vulnerabilities that can allow for privilege escalation. OPNsense 23.1.111 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation =========================================================== Highest Severity...
CVE-2023-4341
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
CVE-2023-4341 Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI...
CVE-2023-4341
CVE-2023-4341 affects the Broadcom RAID Controller. The vulnerability allows privilege escalation to root by exploiting insecure folder creation via the Web GUI. The NVD entry notes a high-severity impact (CVSSv3.1: 9.8, HIGH for confidentiality, integrity, and availability; network attack vector...
RaspAP 2.8.7 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RaspAP Unauthenticated Command Injection', 'Description' = %q RaspAP is feature-rich wireless router software that just works on many popular...
PT-2023-28820 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The issue is related to the creation of insecure folders by the Web GUI, which can lead to privilege escalation to root. Recommendations: At the moment, there is no...
CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing
Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and...
syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI
Impact 1. A compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for...
GHSA-9RP6-23GF-4C3H syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI
Impact 1. A compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for...