44 matches found
Kramer VIAware - Privilege Escalation and Remote Code Execution
Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...
Kramer VIAware - Remote Code Execution
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames. id: CVE-2021-36356 info: name: Kramer VIAware - Remote Code Execution author: gy741 severity: critical description: KRAMER...
EUVD-2023-40635
Malicious code in bioql PyPI...
CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...
CVE-2019-17124
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control...
kramer-bouw.nl Improper Access Control vulnerability OBB-3922648
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dr-kramer-ct.com Improper Access Control vulnerability OBB-3797656
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kramer-kunststofftechnik.de Improper Access Control vulnerability OBB-3778858
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dr-kramer-ct.de Improper Access Control vulnerability OBB-3778312
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kramer-bedachung.de Improper Access Control vulnerability OBB-3770579
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-33468
KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...
CVE-2023-36692
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin = 0.6.11 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin = 0.6.11 versions...
theodor-kramer.web-opac.at Cross Site Scripting vulnerability OBB-3514796
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
theodor-kramer.web-opac.at Cross Site Scripting vulnerability OBB-3413966
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Kramer VIA GO² SQL Injection Vulnerability
The Kramer VIA GO² is a 4K wireless presentation device from Kramer. A security vulnerability exists in Kramer VIA GO² versions prior to 4.0.1.1326 that stems from vulnerability to SQL injection attacks...
Kramer VIA GO² Code Issue Vulnerability
The Kramer VIA GO² is a 4K wireless presentation device from Kramer. A security vulnerability exists in KramerAV VIA GO² versions prior to 4.0.1.1326 that stems from vulnerability to unauthenticated file uploads, which can lead to remote code execution (RCE)...
Kramer VIA GO² Security Vulnerability
The Kramer VIA GO² is a 4K wireless presentation device from Kramer. A security vulnerability exists in Kramer VIA GO² versions prior to 4.0.1.1326, which stems from susceptibility to unauthenticated arbitrary file reading...
kramer-haustechnik.de Cross Site Scripting vulnerability OBB-3258963
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
VulnCheck KEV: CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix...