180 matches found
PT-2024-11622 · Motorola · Q14 Mesh Router Firmware
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: An authentication bypass issue could allow an attacker to access API functions without authentication. Recommendations: At the moment, there is no information about a newer version that...
CVE-2024-40778
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be viewed without authentication...
Multiple products from Check Point Software Technologies vulnerable to information disclosure
Overview Multiple products from Check Point Software Technologies contain an information disclosure vulnerability CWE-200,CVE-2024-24919. JPCERT/CC coordinated with Check Point Software Technologies to publish this advisory in order to notify users of this vulnerability. Impact A remote attacker...
Nepstech Router Security Vulnerability
Nepstech Router is a series of routers from Nepstech. A security vulnerability exists in Nepstech Router xpon terminal NTPL-Xpon1GFEVN. An attacker could exploit the vulnerability to execute arbitrary code via the router's Telnet port 2345 without authentication credentials...
CVE-2024-6144
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this...
CVE-2024-1659
Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...
CVE-2023-44403
D-Link DAP-1325 HNAP SetWLanRadioSettings Channel Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...
CVE-2023-41190
D-Link DAP-1325 HNAP SetAPLanSettings IPAddr Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. Th...
CVE-2023-37322
D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37312
D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35725
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
Apple macOS Sonoma 安全漏洞
Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.2, which originates from a process that may gain administrator privileges without proper authentication...
Apple macOS Sonoma Security Vulnerability
Apple macOS Sonoma is a desktop operating system from Apple, Inc. A security vulnerability exists in Apple macOS Sonoma version 14.4, which originates from viewing photos in hidden albums without authentication...
Artica Proxy Security Vulnerability
Artica Proxy is an open source Artica proxy solution from the Spanish company Artica. A security vulnerability exists in Artica Proxy that stems from the Rich Filemanager feature being enabled to run as root user without authentication by default...
The vulnerability of the Solr software solution for enterprise resource planning by Apache OFBiz, which allows attackers to modify protected information
The vulnerability of the Solr software for enterprise resource planning software Apache OFBiz lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify protected information...
CVE-2023-6020
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...
PT-2023-29273 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.16 Apache ActiveMQ versions prior to 5.16.7 Apache ActiveMQ versions prior to 5.17.6 Apache ActiveMQ versions prior to 5.18.3 Description: A new PoC exploit for the Apache ActiveMQ vulnerability allows...
CVE-2023-46992
TOTOLINK A3300R V17.0.0cu.557B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages...
The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster allows a intruder to disclose protected information.
The vulnerability of the CGI microprogramming interface of the D-Link DAP-1325 wireless signal booster exists due to the lack of authentication checks before access to functions is granted. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
CVE-2023-43135
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management...