738 matches found
Milesight UR32L luci2-io file-export mib directory traversal vulnerability
Talos Vulnerability Report TALOS-2023-1695 Milesight UR32L luci2-io file-export mib directory traversal vulnerability July 6, 2023 CVE Number CVE-2023-23547 SUMMARY A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially...
Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1712 Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22299 SUMMARY An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted...
Milesight UR32L security vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. An access control error vulnerability exists in the Milesight UR32L eventcore feature, which can be exploited by an attacker to cause a denial of service via a specially crafted network request...
PT-2023-18408 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: A command injection issue exists in the vtysh ubus get fw logs functionality. This can be triggered by a specially crafted network request, potentially leading to command execution. Recommendation...
PT-2023-19690 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is related to OS command injection vulnerabilities in the urvpn client cmd name action functionality. A specially crafted network request can lead to arbitrary command execution. An...
Diagon input validation error vulnerability
Diagon is an interactive interpreter from the individual developer Arthur Sonzogni in France. An input validation error vulnerability exists in Diagon version v1.0.139, which stems from the presence of an access conflict vulnerability, where a specially crafted network request could result in a...
Diagon buffer error vulnerability
Diagon is an interactive interpreter from the individual developer Arthur Sonzogni in France. A buffer error vulnerability exists in Diagon version v1.0.139, which stems from the presence of a heap-based buffer overflow vulnerability that can be triggered by an attacker sending a network request...
PT-2023-6163 · Yifan · Yifan Yf325
Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: Two heap-based buffer overflow vulnerabilities exist in the gwcfg cgi set manage post data functionality. A specially crafted network request can lead to a heap buffer overflow. An attacker can se...
CVE-2023-23599
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Design/Logic Flaw
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Thunderbird 102.7, and Firefox ESR 102.7...
CVE-2023-23599
CVE-2023-23599 affects Firefox <109, Firefox ESR <102.7, and Thunderbird
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 110: after downloading a Windows .url shortcut from the local file system, an attacker could provide a remote path...
CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-29772
A cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request...
CVE-2023-26925
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information...