74 matches found
CVE-2024-25640 Improper Neutralization of Alternate XSS Syntax in iris-web
Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting XSS vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to...
Exploit for SQL Injection in Automattic Woocommerce_Blocks
CVE-2021-32789 Authenticated Blind SQL Injection. Wordpress wo...
Command injection
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...
CVE-2023-50466
The CVE-2023-50466 issue affects Weintek cMT2078X EasyWeb Web, Version v2.1.3, OS v20220215. The vulnerability is an authenticated command injection in the HMI Name parameter, allowing an attacker with valid credentials to execute arbitrary code or access sensitive information. Affected component...
CVE-2023-50466
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter...
TOTOLINK X2000R Buffer Error Vulnerability
The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web version, which stems from a buffer overflow issue in the formWlanRedirect method...
TOTOLINK X2000R Buffer Error Vulnerability
The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web version, which stems from a buffer overflow issue in the formWirelessTbl method...
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway. Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink...
CVE-2023-3243
UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...
CVE-2023-3243
UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...
Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
...
CVE-2023-23460
Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass...
Authentication flaw
Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass...
Grup Arge Energy and Control Systems SmartPower Energy Management System 输入验证错误漏洞
Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A security vulnerability exists in Grup Arge Energy and Control Systems SmartPower Energy...
Carel pCOWeb 安全漏洞
Carel pCOWeb is a programmable control card. A security vulnerability exists in Carel pCOWeb card BIOS version v6.27, BOOT version v5.00, and web version v2.2. An attacker could use this vulnerability to gain access to the configuration and service interfaces...
ai.konduit.serving:konduit-serving-api (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-cli (>=0.0.2 <=0.3.0) +1764 more potentially affected by CVE-2019-17640 via io.vertx:vertx-web (>=3.0.0 <=3.9.3)
io.vertx:vertx-web MAVEN version =3.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =19.9.0, =22.3.2 and more Source cves: CVE-2019-17640 Source advisory: OSV:GHSA-VJW7-6GFQ-6WF5...
Weak Password Vulnerability in Goldilocks SMS Middleware Web Edition
Kindi SMS middleware Web Edition is designed to build a hardware device-based SMS data exchange platform. A weak password vulnerability exists in Kindi SMS Middleware Web Edition, which can be exploited by attackers to obtain sensitive information...
WhatsApp is reportedly working on web version without connected phone
By Waqas Apparently, WhatsApp is working on a Universal Windows Platform that would let you use the app on a PC without using your smartphone. This is a post from HackRead.com Read the original post: WhatsApp is reportedly working on web version without connected phone...
CVE-2020-23533
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...
SQL Injection Vulnerability in WEB Version of Online Education System of Shandong Wanyue Information Technology Co.
WEB version of Wanyue online education system is an online education system developed by Shandong Wanyue Information Technology Co. WEB version of Shandong Wanyue Online Education System has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from th...