35 matches found
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
EUVD-2025-203804
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
PT-2025-51740
Name of the Vulnerable Software and Affected Versions Allsky WebUI version v2024.12.06 06 Description A path traversal flaw exists in Allsky WebUI version v2024.12.06 06 that permits an unauthenticated remote attacker to execute commands on the system. This is achieved by submitting a specially...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from path traversal and could lead to arbitrary command execution...
CVE-2025-63414
CVE-2025-63414 describes a Path Traversal in Allsky WebUI v2024.12.06_06 that allows unauthenticated remote command execution via /html/execute.php with a crafted id payload, leading to full remote code execution. The issue is confirmed across multiple sources (Red Hat CVE entry, EUVD/ENISA entry...
CVE-2025-65573
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
EUVD-2025-202320
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
EUVD-2025-202322
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65573
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
CVE-2025-65573
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
AllskyTeam AllSky v2024.12.06_06 is affected by a Cross Site Scripting (XSS) flaw in the allskySettings.php handler. The vulnerability arises from parameters (config, filename, extratext) that are processed by showMessages() in status_messages.php, allowing injected scripts to be printed and exec...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from cross-site scripting and could lead to the execution of arbitrary code...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which stems from cross-site request forgery and could lead to a denial of service...