177 matches found
LB-LINK BL-W1210M Security Breach
LB-LINK BL-W1210M is a wireless router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-W1210M v2.0, which stems from incorrect access control...
CVE-2024-33374
CVE-2024-33374 affects the LB-LINK BL-W1210M v2.0 router. The issue is an incorrect access control in the UART/Serial interface that allows attackers to reach the root terminal without authentication. The CVSS base score is 9.8 (CRITICAL) with NETWORK attack vector, low complexity, no privileges ...
PT-2024-25222 · Lb Link · Lb-Link Bl-W1210M
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-W1210M version 2.0 Description: The issue concerns the storage of user credentials in plaintext within the router's firmware. This means that sensitive information, such as usernames and passwords, is not encrypted and can be easil...
Heap Based Buffer Overflow
gtkwave is vulnerable to Heap Based Buffer Overflow. The vulnerability is due to insufficient bounds checking in the fstReaderIterBlocks2 chaintable parsing functionality using chaintable of FSTBLVCDATA and FSTBLVCDATADYNALIAS , allowing attackers to execute arbitrary code by crafting a specially...
bl-earth.jp Improper Access Control vulnerability OBB-3843454
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Default credentials
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-46355
CVE-2023-46355—CSV Feeds PRO (PrestaShop) affects Bl Modules csvfeeds module prior to version 2.6.1. The root cause is overly permissive access control that does not require an administrator to authenticate when accessing feeds, allowing guests to download exports and potentially leak personal da...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
Ubuntu 16.04 ESM : bl vulnerability (USN-5159-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5159-1 advisory. It was discovered that bl incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Tenable has extracted the...
CVE-2023-39643
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...
CVE-2023-39643
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...
Sql injection
Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds...
CVE-2023-39643
PrestaShop xmlfeeds module (Bl Modules) before version 3.9.8 is vulnerable to SQL injection via the component SearchApiXml::Xmlfeeds(). The issue has a very high impact (CVE-2023-39643) with a CVSS v3.1 base score of 9.8 (Network attack, no authentication, user interaction not required). Affected...
PT-2023-27047 · Unknown · Bl Modules Xmlfeeds
Name of the Vulnerable Software and Affected Versions: Bl Modules xmlfeeds versions prior to 3.9.8 Description: The issue is related to a SQL injection vulnerability. It affects the component SearchApiXml::Xmlfeeds. Recommendations: For versions prior to 3.9.8, update to version 3.9.8 or later to...
bl-india.com Cross Site Scripting vulnerability OBB-3365180
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-26801
CVE-2023-26801 affects LB-LINK BL-AC1900_2.0 v1.0.1, BL-WR9000 v2.4.9, BL-X26 v1.2.5, and BL-LTE300 v1.0.8. The vulnerability is a command injection via the mac, time1, and time2 parameters in /goform/set_LimitClient_cfg. Root cause involves improper input handling in the /goform/set_LimitClient_...
VulnCheck KEV: CVE-2023-26801
LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/setLimitClientcfg...
Ubuntu: Security Advisory (USN-5159-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
bl-school.com Cross Site Scripting vulnerability OBB-2837308
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
USN-5159-1 node-bl vulnerability
It was discovered that bl incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...