26 matches found
CVE-2025-14780
A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dishtradedetailget. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now...
CVE-2025-14780 Xiongwei Smart Catering Cloud Platform dish_trade_detail_get sql injection
A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dishtradedetailget. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now...
CVE-2025-14780
CVE-2025-14780 affects Xiongwei Smart Catering Cloud Platform (version 2.1.6446.28761). The vulnerable element is an unknown function in the file /dishtrade/dish_trade_detail_get, where manipulation of the argument filter leads to a SQL injection. The vulnerability is exploitable remotely, and pu...
Sovell Smart Catering Cloud Platform SQL injection vulnerability
Sovell Smart Catering Cloud Platform is a catering cloud platform from China's Xiongwei Sovell. An SQL injection vulnerability exists in Sovell Smart Catering Cloud Platform version 2.1.6446.28761, which stems from a misbehavior of the parameter filter in the file /dishtrade/dishtradedetailget,...
CVE-2025-67780
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 e.g., on Mini1prod2 allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation,...
CVE-2025-67780
SpaceX Starlink Dish devices running firmware 2024.12.04.mr46620 are affected by CVE-2025-67780 due to unauthenticated LAN gRPC requests. The issue allows administrative actions via the diagnostic interface, and the cross-origin policy can be bypassed by omitting a Referer header, potentially ena...
PT-2025-50774
Name of the Vulnerable Software and Affected Versions: SpaceX Starlink Dish versions 2024.12.04.mr46620. Description: SpaceX Starlink Dish devices allow administrative actions via unauthenticated LAN gRPC requests, referred to as MARMALADE 2. The cross-origin policy can be bypassed by omitting a...
SpaceX Starlink Dish security vulnerability
SpaceX Starlink Dish is a user terminal receiver from SpaceX in the United States. A security vulnerability exists in SpaceX Starlink Dish version 2024.12.04.mr46620, which stems from an unauthenticated LAN gRPC request that could result in administrative operations...
EUVD-2014-5591
Malware in sbrugna...
CVE-2023-52235
SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF e.g., for a reboot via a DNS Rebinding attack...
SpaceX Starlink Wi-Fi router security vulnerability
The SpaceX Starlink Wi-Fi router is a series of routers from SpaceX in the United States. A security vulnerability exists in SpaceX Starlink Wi-Fi router GEN 2 versions prior to 2023.53.0, Starlink Dish versions prior to 07dd2798-ff15-4722-a9ee-de28928aed34. An attacker could exploit this...
Ransomware led to multiple DISH Network outages
Satellite broadcast organisation DISH experienced a major system issue over the past week which affected multiple services. Websites and channels were unavailable, logins were non-functional, and some folks couldn't even pay their bills as a result of the downtime. There was a suspicion that...
Online Food Ordering System SQL injection vulnerability
Online Food Ordering System is an online food ordering system. Online Food Ordering System suffers from a SQL injection vulnerability that can be exploited by an attacker to perform SQL injection via the component /dish .php?resid=...
Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack
Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. And all they need is $300 worth of off-the-shelf equipment to pull it off. That’s the word from James Pavur, an academi...
Zomato: XSS in "explore-keywords-dropdown" results.
It seems that people have exploited this vulnerability before on this website, however, it remains unpatched, so here I am reporting the vulnerability. An XSS vulnerability exists when a restaurant or dish is created with a malicious name. The title of the dish or restaurant is not properly filter...