
4151 matches found

Cvelist
added 2021/07/24 10:46 p.m. | 17 views

CVE-2021-37436

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...

AI score: 4.5 | EPSS: 0.00284
Exploits: 0 | References: 4

CNNVD
added 2021/07/24 12:0 a.m. | 5 views

Amazon Echo Dot Security Vulnerability

The Amazon Echo Dot is a voice-activated speaker from Amazon.com. It can be used to play music, control smart home devices, make phone calls, answer questions, set timers and alarms, and more using Alexa. The Amazon Echo Dot suffers from a security vulnerability that allows attackers to gain acce...

CVSS: 4.2 | AI score: 5.2 | EPSS: 0.00284
Exploits: 0 | References: 5

Huntr
added 2021/07/17 7:4 p.m. | 11 views

Cross-site Scripting (XSS) - Generic in emoncms/emoncms

✍️ Description: Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtin_echo() in theme.php at line 94. 🕵️‍♂️ Proof of Concept: $q = ""; if (isset($_GET['q'])) $q = $_GET['q']; //get in line 16 //print in line...

AI score: 3.1
Exploits: 0

OSV
added 2021/07/13 2:15 p.m. | 1 views

CVE-2021-36123

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...

CVSS: 6.5 | AI score: 6.8
Exploits: 0 | References: 1

OSV
added 2021/07/13 2:15 p.m. | 2 views

CVE-2021-36122

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01023
Exploits: 0 | References: 1

OSV
added 2021/07/13 2:15 p.m. | 2 views

CVE-2021-36124

An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.01076
Exploits: 0 | References: 1

NVD
added 2021/07/13 2:15 p.m. | 8 views

CVE-2021-36122

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject...

CVSS: 8.8 | EPSS: 0.01023
Exploits: 0 | References: 1

NVD
added 2021/07/13 2:15 p.m. | 11 views

CVE-2021-36123

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...

CVSS: 6.5 | EPSS: 0.00769
Exploits: 0 | References: 1

NVD
added 2021/07/13 2:15 p.m. | 10 views

CVE-2021-36124

An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection...

CVSS: 9.8 | EPSS: 0.01076
Exploits: 0 | References: 1

NVD
added 2021/07/13 2:15 p.m. | 10 views

CVE-2021-33578

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data...

CVSS: 9.8 | EPSS: 0.0119
Exploits: 0 | References: 1

NVD
added 2021/07/13 2:15 p.m. | 10 views

CVE-2021-36121

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files...

CVSS: 8.8 | EPSS: 0.02147
Exploits: 0 | References: 1

Prion
added 2021/07/13 2:15 p.m. | 11 views

Sql injection

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data...

CVSS: 7.5 | AI score: 9.9 | EPSS: 0.0119
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/07/13 2:15 p.m. | 11 views

Directory traversal

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.02147
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/07/13 2:15 p.m. | 16 views

Sql injection

An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.01076
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/07/13 2:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.01023
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/07/13 2:15 p.m. | 15 views

Design/Logic Flaw

An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00769
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/07/13 2:0 p.m. | 14 views

CVE-2021-36122

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject...

AI score: 8.9 | EPSS: 0.01023
Exploits: 0 | References: 1

CVE
added 2021/07/13 2:0 p.m. | 44 views

CVE-2021-36122

Echo ShareCare 8.15.5 contains a command argument injection in the UnzipFile feature (Access/EligFeedParse_Sup/UnzipFile_Upd.cfm) where remote input in the zippass parameter from an authenticated user can inject arbitrary arguments to 7z.exe. This is the concrete vulnerability described across CV...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01023
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/07/13 1:58 p.m. | 11 views

CVE-2021-36121

An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files...

AI score: 9.2 | EPSS: 0.02147
Exploits: 0 | References: 1

CVE
added 2021/07/13 1:58 p.m. | 58 views

CVE-2021-36121

Echo ShareCare 8.15.5 contains an unrestricted file upload vulnerability in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm, exploitable via the name1 parameter. Processing remote input from an authenticated user allows writing arbitrary files to arbitrary filesystem locations through ../ Directory Tr...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.02147
Exploits: 0 | References: 1 | Affected Software: 1