13 matches found
EUVD-2013-1941
Malware in sbrugna...
EUVD-2025-4474
Malicious code in bioql PyPI...
CVE-2020-11966
In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2025-25605
Totolink X5000R running 9.1.0u.6369_B20230113 is affected by a command-injection in mtkwifi.lua’s apcli_wps_gen_pincode function. Root cause: input handling in that Lua function allows arbitrary command execution. Impact: network-accessible, authenticated? The CVSS shows network attack, no user i...
Design/Logic Flaw
In IQrouter through 3.3.1, the Lua function diagsetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2020-11964
IQrouter up to version 3.3.1 is affected by CVE-2020-11964 due to a vulnerability in the web-panel Lua function diag_set_password, which remote attackers can abuse to change the root password arbitrarily. Affected product: IQrouter firmware
PT-2020-12957 · Linux +2
Name of the Vulnerable Software and Affected Versions: IQrouter versions 3.3.1 and earlier. Description: The issue allows remote attackers to change the root password arbitrarily using the Lua function reset password in the web-panel. This can occur on a brand-new network that has not been...
DEBIAN-CVE-2013-1951
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...
CVE-2013-1951
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...
CVE-2013-1951
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names...
Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...
Fedora 18 : mediawiki-1.19.5-1.fc18 (2013-6171)
An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file disclosure, ...
Fedora 19 : mediawiki-1.20.4-1.fc19 (2013-5874)
An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 - Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file...