CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

EUVD-2023-28274

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

PT-2026-41704

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

CVE-2023-24215

CVE-2023-24215 concerns the NOVUS AirGate 4G firmware v1.1.16, where an incorrect access control on the /uci/get/ endpoint allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. The CVSS3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base score ...

NOVUS Automation AirGate 4G firmware 安全漏洞

NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...

CVE-2023-24215

Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...

EUVD-2021-21468

Malware in sbrugna...

EUVD-2021-21467

Malware in sbrugna...

EUVD-2007-5123

Malware in sbrugna...

EUVD-2007-5104

Malware in sbrugna...

CVE-2021-34821

Cross Site Scripting XSS vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...

CVE-2021-34820

Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was...

CVE-2007-5142

Cross-site scripting XSS vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

novus-ms.com Cross Site Scripting vulnerability OBB-3768887

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

TripSpark VEO SQL注入漏洞

TripSpark VEO is a software solution from TripSpark, Inc. designed for the traffic and transportation sector to manage and optimize the operations of vehicles, equipment, and personnel. A security vulnerability exists in the TripSpark VEO Transportation NovusEDU-2.2.x-XPBB-20201123-184084 version...

PT-2023-12172 · Tripspark · Tripspark Veo Transportation

Name of the Vulnerable Software and Affected Versions: TripSpark VEO Transportation versions 2.2.x NovusEDU versions 2.2.x Description: The issue allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL...

novusimmigration.com Cross Site Scripting vulnerability OBB-3365617

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...