83 matches found
CVE-2021-43939 Elcomplus SmartPtt Improper Authorization
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints...
CVE-2021-43932 Elcomplus SmartPtt Cross-site Scripting
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
CVE-2021-43932
CVE-2021-43932 affects Elcomplus SmartPTT SCADA Server (notably SmartPTT SCADA Server v1.4) where an attacker can inject JavaScript into a parameter that executes when accessing the dashboard or main page. Root cause: CWE-79 (Cross‑Site Scripting) due to improper input neutralization. Impact per ...
CVE-2021-43932 Elcomplus SmartPtt Cross-site Scripting
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...
CVE-2021-43934
CVE-2021-43934 affects Elcomplus SmartPTT SCADA/SCADA Server (SmartPTT SCADA Server v1.4; SmartPTT) where the backup and restore/upload functionality does not adequately validate uploads, enabling an attacker to upload arbitrary files (Unrestricted Upload of File with Dangerous Type). The CVSS v3...
CVE-2021-43934 Elcomplus SmartPtt Unrestricted Upload of File with Dangerous Type
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files...
CVE-2021-43930
CVE-2021-43930 affects Elcomplus SmartPTT/SmartPTT SCADA Server backup and restore functionality. The root cause is improper validation of download requests in the backup/restore path traversal flow, enabling an attacker to access files outside the intended directory. Exploitation could allow dow...
CVE-2021-43930 Elcomplus SmartPtt Path Traversal
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...
The vulnerability of the Elcomplus SmartPPT SCADA server, related to authentication errors, allows attackers to escalate their privileges.
The vulnerability of the Elcomplus SmartPPT SCADA server is related to authentication errors. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Elcomplus SmartPPT SCADA server, related to input validation errors, allows attackers to write arbitrary files to arbitrary locations within the file system.
The vulnerability of the Elcomplus SmartPPT SCADA server is related to input validation errors. Exploiting this vulnerability allows a malicious actor to write arbitrary files to arbitrary locations in the file system using a specially created HTTP request...
The vulnerability of the update loading function of the Elcomplus SmartPPT server allows a hacker to execute arbitrary code.
The vulnerability of the update loading function of the Elcomplus SmartPPT server lies in the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the configuration page of the Elcomplus SmartPPT server allows a hacker to inject arbitrary JavaScript code into critical server parameters.
The vulnerability of the configuration page of the Elcomplus SmartPPT server lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into critical server parameters through a specially...
The vulnerability of the Elcomplus SmartPPT SCADA server, related to information disclosure, allows an intruder to expose the protected information.
The vulnerability of the Elcomplus SmartPPT SCADA server is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the Elcomplus SmartPPT SCADA server, related to insufficient verification of the HTTP request source, allows a hacker to execute a CSRF attack.
The vulnerability of the Elcomplus SmartPPT SCADA server is related to insufficient security checks on the HTTP request source. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...
Elcomplus SmartPPT Information Disclosure Vulnerability
Elcomplus SmartPPT SCADA Server is an integrated voice and data scheduling software from Elcomplus, Inc. Elcomplus SmartPPT SCADA Server 1.4 is vulnerable to an information disclosure vulnerability that could be exploited by an unauthenticated attacker to request various files from the server...
Elcomplus SmartPPT Licensing Issue Vulnerability
Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus, U.S.A. An authorization issue vulnerability exists in Elcomplus SmartPPT, which can be exploited by a low-authentication attacker to access higher-level administrative authorizations by sending a request direct...
Elcomplus SmartPPT Information Disclosure Vulnerability
Elcomplus SmartPPT SCADA Server is an integrated voice and data scheduling software from Elcomplus, Inc. Elcomplus SmartPPT SCADA Server 1.4 is vulnerable to an information disclosure vulnerability that could be exploited by an unauthenticated attacker to request various files from the server...
Elcomplus SmartPPT Code Issue Vulnerability
Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus USA. A code issue vulnerability exists in Elcomplus SmartPPT that stems from a lack of restriction on the size or number of files that can be uploaded. An attacker could exploit this vulnerability to upload or...
Elcomplus SmartPPT Security Vulnerability
Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus, U.S.A. An authorization issue vulnerability exists in Elcomplus SmartPPT, which can be exploited by a low-authentication attacker to access higher-level administrative authorizations by sending a request direct...
Elcomplus SmartPPT Path Traversal Vulnerability
Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus USA. A path traversal vulnerability exists in Elcomplus SmartPPT that stems from the software using external input to construct a pathname that should be located in a restricted directory, but it fails to...