5 matches found
PT-2025-27538
Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices affected versions not specified Description: An unauthenticated command injection issue exists in AVTECH DVR devices. This is due to the lack of input sanitization when using wget in the "Search.cgi?action=cgi query"...
CVE-2024-51569 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is...
CVE-2024-3028
CVE-2024-3028 affects mintplex-labs/anything-llm. The issue is improper input validation in the system-preferences API where manipulating the logo_filename parameter can cause reading of arbitrary files (including .env) and deletion via remove-logo. Root cause: lack of proper sanitization of user...
PT-2020-6831 · Unknown +5 · Cifs-Utils +5
Name of the Vulnerable Software and Affected Versions: cifs-utils affected versions not specified Description: The issue is related to the mount.cifs command in cifs-utils, which invokes a shell when requesting the Samba password. This could allow an attacker to inject arbitrary commands,...
Torrential 1.2 - 'Getdox.php' Directory Traversal
source: https://www.securityfocus.com/bid/15530/info Torrential is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input. An attacker can exploit this issue to retrieve arbitrary remote PHP code on an affected computer with the privilege...