35 matches found
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
EUVD-2025-203804
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from path traversal and could lead to arbitrary command execution...
PT-2025-51740
Name of the Vulnerable Software and Affected Versions Allsky WebUI version v2024.12.06 06 Description A path traversal flaw exists in Allsky WebUI version v2024.12.06 06 that permits an unauthenticated remote attacker to execute commands on the system. This is achieved by submitting a specially...
CVE-2025-63414
CVE-2025-63414 describes a Path Traversal in Allsky WebUI v2024.12.06_06 that allows unauthenticated remote command execution via /html/execute.php with a crafted id payload, leading to full remote code execution. The issue is confirmed across multiple sources (Red Hat CVE entry, EUVD/ENISA entry...
CVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.0606 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the id parameter, an attacker can execute...
CVE-2025-65573
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
EUVD-2025-202322
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
EUVD-2025-202320
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65573
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...
PT-2025-50214
Name of the Vulnerable Software and Affected Versions AllskyTeam AllSky version 2024.12.06 06 Description A Cross Site Scripting XSS issue exists in AllskyTeam AllSky version 2024.12.06 06. This allows remote attackers to execute arbitrary code through the config, filename, or extratext parameter...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which stems from cross-site request forgery and could lead to a denial of service...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from cross-site scripting and could lead to the execution of arbitrary code...
PT-2025-50210
Name of the Vulnerable Software and Affected Versions AllskyTeam AllSky version 2024.12.06 06 Description A Cross Site Request Forgery CSRF issue exists in AllskyTeam AllSky version 2024.12.06 06. This allows remote attackers to potentially cause a denial of service by exploiting the handle...
CVE-2025-65573
Cross Site Request Forgery CSRF vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to cause a denial of service via function handleinterfacePOSTandstatus...