51 matches found
LG LED Assistant - Thumbnail Path Traversal File Upload
A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed. id: CVE-2024-2863 info: name: LG LED Assistant - Thumbnail...
LG LED Assistant - Unauthenticated Password Reset
The /api/changePw endpoint in LG LED Assistant allows unauthenticated password resets when requests are considered to come from localhost. An attacker can spoof the X-Forwarded-For header with value 127.0.0.1 to trigger the behavior and receive a success response. id: CVE-2024-2862 info: name: LG...
VulnCheck KEV: CVE-2024-2862
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
VulnCheck KEV: CVE-2024-2863
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-2862
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
EUVD-2023-54467
Malicious code in bioql PyPI...
EUVD-2023-54468
Malicious code in bioql PyPI...
EUVD-2023-54469
Malicious code in bioql PyPI...
EUVD-2023-54466
Malicious code in bioql PyPI...
CVE-2024-2863
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2023-4616
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...
CVE-2024-2863
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-2863
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-2862
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
CVE-2024-2862
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
CVE-2024-2863 Path traversal via file upload on LG LED Assistant
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-2863 Path traversal via file upload on LG LED Assistant
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant...
CVE-2024-2862 Password reset vulnerability without authorization on LG LED Assistant
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
CVE-2024-2862 Password reset vulnerability without authorization on LG LED Assistant
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...
CVE-2024-2862
LG LED Assistant is affected by CVE-2024-2862. The Nuclei template confirms an unauthenticated password reset path via the /api/changePw endpoint. It states that requests detected as coming from localhost can trigger the reset, achieved by spoofing the X-Forwarded-For header to 127.0.0.1 to obtai...