Lucene search
+L

540 matches found

nvd
nvd
added 2025/12/11 10:15 p.m.4 views

CVE-2024-58309

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...

9.8CVSS0.00506EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/12/05 9:34 p.m.11 views

CVE-2024-58277

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access...

8.7CVSS7.4AI score0.0039EPSS
Exploits1References1
euvd
euvd
added 2025/12/04 9:31 p.m.7 views

EUVD-2025-201271

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access...

8.7CVSS6.8AI score0.0039EPSS
Exploits1References4
cve
cve
added 2025/12/04 8:42 p.m.18 views

CVE-2024-58277

CVE-2024-58277 affects the R Radio Network FM Transmitter v1.07, where an unauthenticated actor can access the admin password via the system.cgi endpoint, enabling authentication bypass and FM station setup access. Public sources (Zero Science Lab) describe an improper access control allowing dis...

8.7CVSS7AI score0.0039EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/12/04 12:0 a.m.12 views

PT-2025-49133

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access...

8.7CVSS7.4AI score0.0039EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.14 views

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz...

9.1CVSS7AI score0.00436EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.15 views

CVE-2025-66253

Unauthenticated OS Command Injection startupgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

9.9CVSS8.6AI score0.02135EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.15 views

CVE-2025-66259

Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

9.8CVSS7.4AI score0.00589EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.11 views

CVE-2025-66262

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive...

9.8CVSS7.4AI score0.01274EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.10 views

CVE-2025-66250

Unauthenticated Arbitrary File Upload statuscontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/statuscontents.php...

9.8CVSS7.3AI score0.00391EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.16 views

CVE-2025-66261

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

9.9CVSS9.1AI score0.02135EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.12 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.6AI score0.00351EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/11/27 12:58 a.m.13 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS5.8AI score0.00167EPSS
Exploits1References1
euvd
euvd
added 2025/11/26 3:30 a.m.7 views

EUVD-2025-199680

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

8.4CVSS6.4AI score0.00324EPSS
Exploits1References2
euvd
euvd
added 2025/11/26 3:30 a.m.7 views

EUVD-2025-199676

Unauthenticated Arbitrary File Upload patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patchcontents.php allows uploading malicious files...

9.9CVSS6.8AI score0.00391EPSS
Exploits1References2
euvd
euvd
added 2025/11/26 3:30 a.m.6 views

EUVD-2025-199678

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

7.8CVSS6.7AI score0.00343EPSS
Exploits1References2
nvd
nvd
added 2025/11/26 1:16 a.m.7 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS0.00167EPSS
Exploits1References1
nvd
nvd
added 2025/11/26 1:16 a.m.10 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS0.00351EPSS
Exploits1References1
nvd
nvd
added 2025/11/26 1:16 a.m.10 views

CVE-2025-66252

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

8.4CVSS0.00324EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/11/26 12:52 a.m.3 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

8.9CVSS7.2AI score0.00351EPSS
Exploits1References1
Rows per page
Query Builder