CVE-2023-39445

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console...

CVE-2023-38576

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console...

CVE-2023-32626

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...

Design/Logic Flaw

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...

Design/Logic Flaw

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console...

Design/Logic Flaw

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console...

Denial of service

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions,...

CVE-2023-39445

The CVE-2023-39445 entry concerns ELECOM/LOGITEC LAN-WH300N/RE devices. A hidden functionality vulnerability allows an unauthenticated attacker to execute arbitrary code by delivering a specially crafted file to a management console. Affected platform: LAN-WH300N/RE (LOGITEC) across all versions....

CVE-2023-39445

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console...

CVE-2023-38576

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console...

CVE-2023-35991

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions,...

CVE-2023-32626

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...

Directory traversal

Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code...

Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes

Description The web application incorrectly returns sensitive data to authenticated lower privileged users when making requests to export data from the 'Groups' module. This includes information such as the user's email address, password hash and whether two-factor authentication is configured...

EI Tube YouTube API 3 Cross Site Scripting

==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...

Authentication flaw

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier...

CVE-2023-35082

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier...

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Overview Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 Telnet service access restriction failure CWE-284 - CVE-2023-38132 Hidden Functionalit...

CVE-2023-35082

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. Recent assessments: sfewer-r7 at...

Stored XSS in the Cases functionality

Description When creating or editing a case, the web application fails to perform sufficient sanitisation on the description POST parameter, allowing users to inject HTML with malicious JavaScript events. The application does attempt to remove unauthorised elements and events; however, the testin...