15 matches found
CVE-2026-3555 Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this...
CVE-2024-25840
In the module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...
CVE-2024-24309
In the module "Survey TMA" ecomizsurveytma up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction...
CVE-2024-48052
In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...
CVE-2023-6554
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
CVE-2023-43984
Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the pscustomer table...
CVE-2023-30195
In the module "Detailed Order" lgdetailedorder in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json...
CVE-2024-48052
In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...
PT-2024-21152 · Unknown · Prestasalesmanager +1
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager versions up to 9.0 Description: A guest can download personal information without restriction by performing a path traversal attack in the affected...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop versions prior to 3.5.1, which stems from a vulnerability that...
CVE-2023-43984
CVE-2023-43984 affects the PrestaShop Smart Soft Advanced Export module. Before v4.4.7, insecure permissions allow unauthenticated attackers to download user data from the ps_customer table due to improper access controls in the advancedexport component. Impact is user information disclosure; CVS...
CVE-2021-4375 Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure
The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...
Orange Station SQL注入漏洞
Orange Station is a garage management system by Mayuri K. Personal developer. It helps users to manage all vehicles, cars and motorcycles. Orange Station version 1.0 suffers from a SQL injection vulnerability that stems from a security issue with the username parameter, which can be exploited by ...
Multiple Vulnerabilities in Cisco Identity Services Engine
Cisco Identity Services Engine ISE contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability Cisco ISE Support Information Download Authentication Bypass Vulnerability These vulnerabilities are independent of each other; a release that is affected b...
Cahier de texte 2.0 - Database Backup Source Disclosure
Cahier de texte 2.0 - Database Backup Source Disclosure !/usr/bin/perl INFORMATIONS ============ Affected.scr..: Cahier de texte V2.0 Poc.ID........: 15061124 Type..........: Predictable backup filename, Source disclosure Risk.level....: High Conditions....: registerglobals = on Src.download..:...