216 matches found
CVE-2023-22583
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-25911
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters...
CVE-2023-22583
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-22586
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter...
CVE-2023-22584
The Danfoss AK-EM100 stores login credentials in cleartext...
CVE-2023-22585
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter...
CVE-2023-22582
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting...
CVE-2023-22585
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter...
CVE-2023-22582
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting...
CVE-2023-25912
The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values...
Command injection
The Danfoss AK-EM100 web applications allow for OS command injection through the web application parameters...
Cross site scripting
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter...
Sql injection
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
Remote file inclusion
The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter...
CVE-2023-22582 Reflected Cross-Site Scripting in Danfoss AK-EM100
The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting...
CVE-2023-22583 SQL Injection in Danfoss AK-EM100
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-25911
CVE-2023-25911 describes an authenticated OS command injection in Danfoss AK-EM100 web applications, exploitable via web-application parameters. Multiple connected sources confirm the issue and the impact (high/critical) with network access and low attack complexity, requiring low privileges and ...
CVE-2023-25911 Authenticated OS Command Injection in Danfoss AK-EM100
The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters...
CVE-2023-22583
CVE-2023-22583 affects the Danfoss AK-EM100 web-forms login functionality. The issue is an SQL injection vulnerability in the login forms, enabling potential unauthorized data access or manipulation. The core details across connected documents confirm the affected software (Danfoss AK-EM100 web i...
CVE-2023-22583 SQL Injection in Danfoss AK-EM100
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...