151 matches found
Design/Logic Flaw
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
Sql injection
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...
CVE-2024-1304 Multiple Vulnerabilities in Badger Meter's Monitool
Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session...
CVE-2024-1304
CVE-2024-1304 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability is a cross-site scripting issue allowing a remote attacker to deliver a crafted JavaScript payload to an authenticated user, potentially hijacking the user’s browser session (partial impact on integrity...
CVE-2024-1303 Multiple Vulnerabilities in Badger Meter's Monitool
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
CVE-2024-1303 Multiple Vulnerabilities in Badger Meter's Monitool
Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...
CVE-2024-1303
CVE-2024-1303 affects Badger Meter Monitool prior to 4.6.3. The root cause is an incorrect restriction that allows path traversal in the download-file function, enabling an authenticated attacker to retrieve arbitrary files from the device. Affected component: Monitool on compatible Badger Meter ...
CVE-2024-1302
CVE-2024-1302 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability allows a local attacker to manipulate the application’s file parameter to point to a log file, leading to exposure of sensitive data such as database credentials. Documents consistently describe an info...
CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool
Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...
CVE-2024-1301
CVE-2024-1301 describes an SQL injection in Badger Meter Monitool affecting versions 4.6.3 and earlier. The vulnerability arises from allowably crafting input sent to the server via the j_username parameter, enabling a remote attacker to retrieve information stored in the database. Multiple conne...
CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...
CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...
PT-2024-17887 · Badger Meter · Badger Meter Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions prior to 4.6.3 Description: The issue allows an authenticated attacker to retrieve any file from the device using the download-file functionality due to incorrectly limiting the path to a restricted directory...
PT-2024-17878 · Badger Meter · Badger Meter Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions up to 4.6.3 and earlier Description: The issue allows a local attacker to change the application's file parameter to a log file, obtaining sensitive information such as database credentials. Recommendations: For...
PT-2024-17869 · Badger Meter · Badger Meter Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions 4.6.3 and earlier Description: A remote attacker could send a specially crafted SQL query to the server via the j username parameter and retrieve the information stored in the database. This issue allows an...
PT-2024-17897 · Badger Meter · Monitool
Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions up to 4.6.3 and earlier Description: The issue is a cross-site scripting vulnerability that allows a remote attacker to send a specially crafted javascript payload to an authenticated user, potentially hijacking...
ape-dasy (=0.1.0), ape-safe (=0.6.0) +21 more potentially affected by CVE-2024-22419 via vyper (>=0.3.0 <=0.3.9)
vyper PYPI version =0.3.0, =0.7.1, =0.5.0, =0.5.0, =0.2.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.17.0, =0.0.0, =2.1.6, =2.1.22 and more Source cves: CVE-2024-22419 Source advisory: OSV:GHSA-2Q8V-3GQQ-4F8P...
avotes-parser-cli (>=0.0.0 <=0.4.3), avotes-parser-core (>=0.0.0 <=0.4.3) +5 more potentially affected by CVE-2023-39363 via vyper (>=0.2.15 <=0.3.0)
vyper PYPI version =0.2.15, =0.0.0, =0.0.0, =0.4.3, =1.15.1, =0.2.1, =2.0.36, =2.1.22 Source cves: CVE-2023-39363 Source advisory: OSV:GHSA-5824-CM3X-3C38...
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-31146 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-31146 Source advisory: OSV:PYSEC-2023-77...