5284 matches found
CVE-2023-25199
A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...
CVE-2023-25200
An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...
CVE-2023-25200
The CVE-2023-25200 entry concerns MT Safeline X-Ray X3310 Webserver NXG 19.05 with an HTML injection vulnerability that can cause a remote attacker to render malicious HTML in a victim's browser and access sensitive information. Red Hat and other sources describe it as an HTML injection/XSS issue...
CVE-2024-27575
CVE-2024-27575 affects INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19. The vulnerability allows remote attackers to read arbitrary files via absolute path traversal, e.g. /cgi-bin/display?file=/etc/passwd. Some sources also raise a possibility of code execution via the same file path, thoug...
CVE-2024-27575
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI...
INOTEC Sicherheitstechnik WebServer CPS220/64 security vulnerability
INOTEC Sicherheitstechnik WebServer CPS220/64 is a centralized battery system from INOTEC Sicherheitstechnik, Germany. A security vulnerability exists in INOTEC Sicherheitstechnik WebServer CPS220/64 version V.3.3.19, which originates from a vulnerability that allows remote attackers to execute...
PT-2024-21957 · Inotec Sicherheitstechnik · Inotec Sicherheitstechnik Webserver Cps220/64
Name of the Vulnerable Software and Affected Versions: INOTEC Sicherheitstechnik WebServer CPS220/64 version 3.3.19. Description: The issue allows a remote attacker to read arbitrary files via absolute path traversal. For example, using the "/cgi-bin/display?file=/etc/passwd" URI, an attacker can...
Information Disclosure
apacheairflow is vulnerable to an Information Disclosure. The vulnerability is due to an insecure umask configuration in numerous Airflow components when running with the --daemon flag, resulting in a race condition that sets files within the airflow home directory world writable...
Exploit for Code Injection in Openplcproject Openplc_V3_Firmware
cve-2021-31630 OpenPLC WebServer v3 - Authenticated RCE T...
Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. Access t...
CVE-2024-23333
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...
DEBIAN-CVE-2024-23333
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...
CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...
CVE-2023-40747
Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot...
USN-6689-1: Rack vulnerabilities
It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539, CVE-2024-26141, CVE-2024-26146...