CVE-2026-2533

CVE-2026-2533 relates to the Tosei Self-service Washing Machine 4.02. A vulnerability in an unknown function of the file /cgi-bin/tosei_datasend.php allows manipulating the adr_txt_1 argument to achieve command injection. The flaw can be exploited remotely, and publicly available exploit code has...

PT-2026-8309

Name of the Vulnerable Software and Affected Versions Tosei Self-service Washing Machine version 4.02 Description A flaw exists in Tosei Self-service Washing Machine version 4.02. The issue impacts an unknown function within the /cgi-bin/tosei datasend.php file. Manipulation of the adr txt 1...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46863)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46863 advisory. - In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: a...

MAL-2025-10635 Malicious code in @zalastax/nolb-adr (npm)

The package @zalastax/nolb-adr was found to contain malicious code...

Malicious code in @zalastax/nolb-adr (npm)

The package @zalastax/nolb-adr was found to contain malicious code...

AZL-49897 CVE-2024-46863 affecting package kernel for versions less than 6.6.56.1-5

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...

Anatomy of an Attack

In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using...

PT-2024-38667 · Unknown · Tosei Online Store Management System

Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System versions 4.02 through 4.04 Description: A critical issue affects some unknown functionality of the file /cgi-bin/p1 ftpserver.php. The manipulation of the adr txt argument leads to command injection. The...

adr-engineering.co.uk Cross Site Scripting vulnerability OBB-3494833

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

adrcommunication.com Cross Site Scripting vulnerability OBB-2851922

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'fileslist' Remote Stored XSS Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Remote Stored XSS Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model:...

Selea Targa IP OCR-ANPR Camera - CSRF Add Admin

Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...

Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - A vulnerability Centralized Thirdparty Jars jackson-databind exists. An unauthenticated, remote attacker can exploit this issue via the HTTP protocol ...

dashboard.aviationadr.org.uk XSS vulnerability

Open Bug Bounty ID: OBB-700278 Description| Value ---|--- Affected Website:| dashboard.aviationadr.org.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3...

Apple iOS aarch64 Command Shell, Reverse TCP Inline

Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 152 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

CVE-2015-8572

CVE-2015-8572 affects Autodesk Design Review (ADR). Public details describe multiple buffer overflow vulnerabilities in ADR prior to the 2013 Hotfix 2, exploitable via crafted image data: (1) BMP or (2) FLI files, (3) encoded scan lines in PCX files, or (4) DataSubBlock or (5) GlobalColorTable in...

CVE-2015-8571

CVE-2015-8571 affects Autodesk Design Review prior to 2013 Hotfix 2. The issue is an integer overflow in BMP handling (biClrUsed) that can trigger a buffer overflow and allow remote code execution. Exploitation is possible via crafted BMP files; per ZDI, user interaction is required to exploit. R...

CVE-2014-9268

The CVE-2014-9268 entry concerns Autodesk Design Review’s AdView.AdViewer.1 ActiveX control. Affected component: AdView.AdViewer ActiveX in ADR prior to 2013 Hotfix 1. Root cause: improper parsing of DWF files enables an unauthenticated, remote attacker to execute arbitrary code. Impact: remote c...