GHSA-35WR-X7V6-9FV2 Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
Summary When dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to...
CVE-2024-25011 Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability
Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue...
PT-2023-24911 · Etic Telecom · Etic Telecom Ras
Name of the Vulnerable Software and Affected Versions: ETIC Telecom RAS versions 4.7.0 and prior Description: The web management portal authentication is disabled by default in the affected versions. This could allow an attacker with adjacent network access to alter the configuration of the devic...
Multiple I-O DATA DEVICE wireless LAN routers default configuration does not set authentication
Overview The web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN routers from I-O DATA DEVICE disables authentication in the default configuration. The authentication for the web administration interface for the WN-APG/R-Series and WN-WAPG/R-Series wireless LAN...