9 matches found
EUVD-2024-19811
Malicious code in bioql PyPI...
SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities
The version of Solarwinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...
CVE-2024-45709
CVE-2024-45709 affects SolarWinds Web Help Desk. The vulnerability is a local file read flaw that requires the product to be installed on Linux and configured to use a non-default development/test mode, which limits exposure. The available sources do not specify affected versions (beyond the Linu...
CVE-2020-4906
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system...
CVE-2020-4344
IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 178247...
Web Viewer 1.0.0.193 (Samsung SRN-1670D) - Unrestricted File Upload
Web Viewer 1.0.0.193 Samsung SRN-1670D - Unrestricted File Upload Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com...
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...
Unrestricted file upload
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...
CVE-2017-16524
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...