PT-2023-31946 · Brave · Brave Browser

Name of the Vulnerable Software and Affected Versions: Brave Browser versions prior to 1.59.40 Description: The issue is related to the improper restriction of the schema for WebUI factory and redirect in Brave Browser. This is connected to the files browser/brave content browser client.cc and...

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

CVE-2022-41761

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

CVE-2022-39818

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system...

Sql injection

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

Command injection

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system...

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

CVE-2022-39822

Summary: CVE-2022-39822 is a SQL injection vulnerability affecting Nokia NFM-T R19.9, specifically in the VM Manager WebUI at /cgi-bin/R19.9/easy1350.pl. The issue can be triggered via the HTTP GET parameters id or host, and exploitation requires an authenticated attacker. The available connected...

CVE-2022-41761

The issue is an Absolute Path Traversal in Nokia NFM-T R19.9 VM Manager WebUI. Affected component is the endpoint /cgi-bin/R19.9/viewlog.pl, exploitable via the logfile parameter by an authenticated remote attacker to read arbitrary files. Root cause is path traversal in that endpoint; no public ...

CVE-2022-41761

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

CVE-2022-39818

In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system...

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

PT-2023-13730 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An OS Command Injection issue occurs in the /cgi-bin/R19.9/log.pl endpoint of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands with root privileges...

Traefik docker container using 100% CPU

Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the...

The vulnerability in the interaction interface with the Aria2 file downloader’s WebUI-Aria2 lies in the incorrect limitation of the path name for the restricted access directory. This allows a perpetrator to disclose protected information.

The vulnerability in the interaction interface with the Aria2 file downloader’s WebUI-Aria2 relates to an incorrect limitation on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198 An Exploitation script developed to exploit the...

Stable Diffusion WebUI Remote Command Execution Vulnerability

Stable Diffusion WebUI is an AI image processing tool developed by AUTOMATIC1111 based on the Stable Diffusion AI model, which supports file creation and image creation. A remote command execution vulnerability in Stable Diffusion WebUI, which is caused by not filtering user input when installing...

CVE-2023-46315

The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...

CVE-2023-46315

The zanllp sd-webui-infinite-image-browsing aka Infinite Image Browsing extension before 977815a for stable-diffusion-webui aka Stable Diffusion web UI, if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL,...