Lucene search
+L

200 matches found

ptsecurity
ptsecurity
added 2025/03/10 12:0 a.m.5 views

PT-2025-10645

Name of the Vulnerable Software and Affected Versions Nintex Automation versions 5.6 through 5.7 Description The issue concerns configuration files in the K2 SmartForms Designer folder that contain passwords readable by unauthorized users. Recommendations For Nintex Automation versions 5.6 throug...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References7
cvelist
cvelist
added 2025/03/10 12:0 a.m.10 views

CVE-2025-27926

In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files web.config containing passwords that are readable by unauthorized users...

4.3CVSS0.00322EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/10 12:0 a.m.3 views

CVE-2025-27926

In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files web.config containing passwords that are readable by unauthorized users...

4.3CVSS4.7AI score0.00322EPSS
Exploits0References1
openbugbounty
openbugbounty
added 2024/04/08 1:50 p.m.13 views

kotwa-k2.pl Cross Site Scripting vulnerability OBB-3909739

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
openbugbounty
openbugbounty
added 2023/12/12 8:46 a.m.8 views

k2.tech Cross Site Scripting vulnerability OBB-3810875

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
osv
osv
added 2023/08/25 4:15 p.m.3 views

CVE-2023-40796

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call...

7.8CVSS5.8AI score
Exploits0References1
nvd
nvd
added 2023/08/25 4:15 p.m.18 views

CVE-2023-40796

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call...

7.8CVSS7.9AI score0.00844EPSS
Exploits0References1
attackerkb
attackerkb
added 2023/08/25 4:15 p.m.12 views

CVE-2023-40796

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call...

7.8CVSS7.1AI score0.00844EPSS
Exploits0References2
prion
prion
added 2023/08/25 4:15 p.m.28 views

Command injection

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call...

4.4CVSS7.9AI score0.00844EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/08/25 12:0 a.m.6 views

PHICOMM K2 命令注入漏洞

The PHICOMM K2 is a wireless router from the Chinese company PHICOMM. A command injection vulnerability exists in PHICOMM k2 version v22.6.529.216, which stems from the presence of a command injection vulnerability...

7.8CVSS7.4AI score0.00844EPSS
Exploits0References2
cve
cve
added 2023/08/25 12:0 a.m.76 views

CVE-2023-40796

Phicomm K2 devices, specifically v22.6.529.216, are affected by a command injection vulnerability in the luci.sys.call function. Root cause: insecure handling in luci.sys.call enables local exploitation with user interaction, potentially leading to remote command execution with high impact. Explo...

7.8CVSS7.9AI score0.00844EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2023/08/25 12:0 a.m.6 views

PT-2023-27640 · Phicomm · Phicomm K2

Name of the Vulnerable Software and Affected Versions: Phicomm k2 version 22.6.529.216 Description: The Phicomm k2 router contains a command injection vulnerability via the luci.sys.call function. This issue allows for remote command execution. Recommendations: For Phicomm k2 version 22.6.529.216...

7.8CVSS8AI score0.00844EPSS
Exploits0References7
cvelist
cvelist
added 2023/08/25 12:0 a.m.25 views

CVE-2023-40796

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call...

8.1AI score0.00844EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/08/25 12:0 a.m.13 views

CVE-2023-40796

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call...

8.2AI score0.00844EPSS
Exploits0References1
openbugbounty
openbugbounty
added 2023/05/16 2:39 a.m.14 views

k2-systems.com Cross Site Scripting vulnerability OBB-3341719

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
susecve
susecve
added 2023/02/15 6:3 a.m.6 views

SUSE CVE-2009-2395

SQL injection vulnerability in the K2 comk2 component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php...

7.5CVSS8.8AI score0.03029EPSS
Exploits2References3
osv
osv
added 2023/01/27 3:15 p.m.6 views

CVE-2022-48071

Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext...

7.5CVSS5.8AI score0.00441EPSS
Exploits1References1
nvd
nvd
added 2023/01/27 3:15 p.m.35 views

CVE-2022-48071

Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext...

7.5CVSS7.6AI score0.00441EPSS
Exploits1References1
osv
osv
added 2023/01/27 3:15 p.m.4 views

CVE-2022-48070

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

7.8CVSS5.8AI score0.00899EPSS
Exploits1References1
nvd
nvd
added 2023/01/27 3:15 p.m.35 views

CVE-2022-48070

Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...

7.8CVSS7.9AI score0.00899EPSS
Exploits1References1
Rows per page
Query Builder