CVE-2019-25233 AVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS Vulnerabilities

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser...

CVE-2019-25233

CVE-2019-25233 affects AVE DOMINAplus 1.10.x. The connected documents specify cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in this version, enabling attackers to perform administrative actions without user consent. Attackers can craft malicious pages to exploit...

CVE-2019-25233 AVE DOMINAplus 1.10.x Cross-Site Request Forgery and XSS Vulnerabilities

AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser...

AVE DOMINAplus 安全漏洞

AVE DOMINAplus is an application from AVE Italy. The best home automation system for next generation houses. A security vulnerability exists in AVE DOMINAplus version 1.10.x, which stems from vulnerability to cross-site request forgery and cross-site scripting attacks that could lead to the...

EUVD-2020-14762

Malware in sbrugna...

CVE-2020-21996

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario...

CVE-2020-21991

AVE DOMINAplus =1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication...

Unspecified Vulnerability in AVE DOMINAplus

AVE DOMINAplus is an application system from AVE Italy. The best home automation system for next generation houses. A security vulnerability exists in AVE DOMINAplus version 1.10.x and prior versions, which stems from the presence of an authentication bypass vulnerability. An attacker can exploit...

CVE-2020-21994

AVE DOMINAplus =1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful...

CVE-2020-21996

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario...

Authentication flaw

AVE DOMINAplus =1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful...

Command injection

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario...

CVE-2020-21996

CVE-2020-21996 affects AVE DOMINAplus <= 1.10.x with an unauthenticated reboot command execution that can be exploited over the network to cause denial of service. Affected components/versions include Web Server Code 53AB-WBS

CVE-2020-21996

AVE DOMINAplus =1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario...

CVE-2020-21994

AVE DOMINAplus =1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful...

CVE-2020-21994

CVE-2020-21994 affects AVE DOMINAplus <= 1.10.x. The issue is a clear-text credentials disclosure where an unauthenticated attacker can access an unprotected directory hosting /xml/authClients.xml and obtain administrative login information, enabling a authentication bypass. Reported as high-s...

CVE-2020-21991

AVE DOMINAplus =1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication...

CVE-2020-21991

The CVE-2020-21991 issue affects AVE DOMINAplus

CVE-2020-21991

AVE DOMINAplus =1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication...

PT-2021-10709 · Unknown · Ave Dominaplus

Name of the Vulnerable Software and Affected Versions: AVE DOMINAplus versions prior to 1.11 Description: The issue allows an unauthenticated attacker to obtain administrative login information by accessing an unprotected directory that hosts an XML file '/xml/authClients.xml', enabling a...