CVE-2023-48390

Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service...

Code injection

Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service...

CVE-2023-48388 Multisuns EasyLog web+ - Use of Hard-coded Password

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service...

CVE-2023-48375

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege...

CVE-2023-41357

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

Privilege escalation

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

CVE-2023-41351

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing...

Authentication flaw

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing...

CVE-2023-41357 Galaxy Software Services Vitals ESP - Arbitrary File Upload

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...

CVE-2023-41353 Chunghwa Telecom NOKIA G-040W-Q - Weak Password Requirements

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrup...

CVE-2023-41351 Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing...

CVE-2023-41351 Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing...

CVE-2023-41351

The CVE-2023-41351 entry concerns the Nokia G-040W-Q (Chunghwa Telecom) modem, where an authentication bypass allows an unauthenticated remote attacker to log in via an alternate URL as any existing user (including administrators), enabling arbitrary system operations or service disruption. Docum...

CVE-2023-35850 SUNNET WMPro - Command Injection

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...

CVE-2023-37755

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator...

PT-2023-3550 · Hitron Technologies · Coda-5310

Name of the Vulnerable Software and Affected Versions: Hitron Technologies CODA-5310 affected versions not specified Description: The issue is related to insufficient authentication in the system configuration interface, allowing an unauthorized remote attacker to access the interface. This can...