Code injection

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...

Cross site request forgery (csrf)

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

Cross site request forgery (csrf)

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

Cross site request forgery (csrf)

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

Cross site request forgery (csrf)

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48249

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...

CVE-2023-48249

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...

CVE-2023-48249

The CVE-2023-48249 entry concerns Bosch Nexo Cordless Nutrunner devices. Affected component: the application layer handling HTTP requests on these devices. Root cause: an authenticated remote attacker can enumerate arbitrary folders across all system paths under the application OS user (root) via...

CVE-2023-48247

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48247

Summary: CVE-2023-48247 describes an unauthenticated remote exploit that allows reading arbitrary files under the application’s OS user (root) context via a crafted HTTP request. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE List) with a CVSSv3.1 base score of 7.5 (HIGH...

CVE-2023-48247

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48246

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48246

CVE-2023-48246 affects Bosch Nexo/Nexo-OS devices. A crafted HTTP request can trigger downloading arbitrary files from all system paths under the application’s OS user context (root). Documented impact is file disclosure with root privileges; no exploitation details or likelihood provided. Public...

CVE-2023-48246

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48245

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48245

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...

CVE-2023-48245

CVE-2023-48245 affects Bosch Nexo OS (and related Bosch Nexo products) where an unauthenticated remote attacker can upload arbitrary files in the application OS user context (root) via a crafted HTTP request. The connected sources corroborate the vulnerability exists in the Nexo/OS environment an...

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...

CVE-2023-48244

CVE-2023-48244 describes a vulnerability that allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. The documents do not publicly specify affected products, versions, or the exact component/file, nor a confirm...

CVE-2023-48244

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request...