106 matches found
CVE-2023-48987
CVE-2023-48987 : The CU Solutions Group (CUSG) Content Management System (CMS) versions prior to 7.75 have a Blind SQL Injection in the pages.php component. A remote attacker can send a crafted script to exploit this, potentially executing arbitrary code, escalating privileges, and accessing sens...
PT-2024-4033 · Cu Solutions · Cu Solutions Group Content Management System
Name of the Vulnerable Software and Affected Versions: CU Solutions Group (CUSG) Content Management System (CMS) versions prior to 7.75. Description: The issue is related to a Blind SQL Injection vulnerability in the pages.php component, which can be exploited by a remote attacker to execute arbitrary...
TOTOLINK EX1200T security vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK EX1200T version V4.1.2cu.5232B20210713, which stems from the main method failing to properly filter special characters, commands, and similar elements used to construct commands. An...
CVE-2023-36954
TOTOLINK CP300+ V5.2cu.7594B20200910 and before is vulnerable to command injection...
PT-2023-25755 · Totolink · Totolink Cp300+
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ versions = V5.2cu.7594 B20200910. Description: A stack overflow issue was discovered in the UploadCustomModule function via the File parameter. Recommendations: For TOTOLINK CP300+ versions = V5.2cu.7594 B20200910, consider...
CVE-2023-31584
GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field...
PT-2023-23398 · Unknown · Cu/Silicon
Name of the Vulnerable Software and Affected Versions: cu/silicon version a9ef36. Description: The issue is a reflected cross-site scripting (XSS) vulnerability. It occurs via the User Input field, allowing potential attackers to inject malicious scripts. Recommendations: For cu/silicon version...
TOTOLINK A7100RU operating system command injection vulnerability
TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A7100RU version V7.4cu.2313B20191024 that allows an attacker to obtain a stable root shell via a specially crafted payload...
cu-tipaza.dz Cross Site Scripting vulnerability OBB-3283056
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview: cu-dashboard-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
TOTOLINK A7100RU operating system command injection vulnerability
The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK A7100RU version V7.4cu.2313B20191024, which stems from the rsabits parameter of the set/delStaticDhcpRules method containing a command...
Malicious code in cu-dashboard-components (npm)
Source: ghsa-malware 05a7db61863c75c4e403ac8634e0889a3980b57447fb6c65a10f21724a064fe1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-219 Malicious code in cu-dashboard-components (npm)
Source: ghsa-malware 05a7db61863c75c4e403ac8634e0889a3980b57447fb6c65a10f21724a064fe1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
VDA upgrade service fails when upgrading CU version
VDA does not upgrade when upgrading to the next CU version. In Studio, the upgrade starts, goes into In-Progress and moves to completed; however, the installed version does not change. After a minute or two, the status moves back to upgrade available...
TOTOLINK A860R security vulnerability
The TOTOLINK A860R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A860R version V4.1.2cu.5182B20201027, which originates from an unfiltered parameter in infostat.cgi, resulting in a buffer overflow...
cu-maghnia.edu.dz Cross Site Scripting vulnerability OBB-2888592
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
TOTOLINK A800R trust management issue vulnerability
The TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A800R version V4.1.2cu.5137B20200730, which originates from the inclusion of a hardcoded password for root in /etc/shadow.sample...
CVE-2021-42321
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: gwillcox-r7 at November 21, 2021 5:55pm UTC reported: A PoC for this vulnerability is now available at https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398. There is also a Metasploit module at...
CVE-2021-22907
An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...