
12 matches found

RedhatCVE
added 2025/05/23 12:17 a.m. · 6 views

CVE-2022-45426

Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files...

CVSS 6.5 · AI score 6.9 · EPSS 0.001
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:1 a.m. · 5 views

CVE-2018-10084

CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed...

CVSS 8.8 · AI score 7.1 · EPSS 0.00163
Exploits: 1 · References: 1

OSV
added 2022/12/27 6:15 p.m. · 1 views

CVE-2022-45426

Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files...

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 1

Positive Technologies
added 2022/12/27 12:0 a.m. · 2 views

PT-2022-27509 · Dahua · Dahua

Name of the Vulnerable Software and Affected Versions: Dahua software products (affected versions not specified). Description: The issue allows for the unrestricted download of files. After gaining ordinary user permissions, an attacker can send a crafted packet to the vulnerable interface to downlo...

CVSS 6.5 · AI score 6.3 · EPSS 0.001
Exploits: 0 · References: 4

OSV
added 2022/02/04 2:15 a.m. · 1 views

CVE-2021-45986

Tenda routers G1 and G3 v15.11.0.179502CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter...

CVSS 9.8 · AI score 7.6 · EPSS 0.02076
Exploits: 0 · References: 2

CNNVD
added 2021/12/30 12:0 a.m. · 2 views

Netgear RAX43 Trust Management Issue Vulnerability

Netgear RAX43 is a wireless router from Netgear USA. A security vulnerability exists in Netgear RAX43, which stems from the use of hard-coded credentials. Because the configuration backup is encrypted, it appears that an ordinary user is not intended to be able to manipulate the configuration...

CVSS 8.8 · AI score 5.5 · EPSS 0.00159
Exploits: 0 · References: 3

Exploit DB
added 2019/05/14 12:0 a.m. · 109 views

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...

AI score 7.4
Exploits: 0

CNVD
added 2017/08/11 12:0 a.m. · 1 views

Wando ezoffice Collaboration Management Platform has an overstepping vulnerability

Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. Wando ezOFFICE Collaborative Management Platform has an overstepping vulnerability that allows an attacker to successfully achieve elevation of privilege through ordinary user identity...

AI score 6.9
Exploits: 0

CNVD
added 2016/08/15 12:0 a.m. · 3 views

Win32k Forms Creation Denial of Service Vulnerability

Win32k.sys is a multi-user management driver file for Windows XP. There is a denial-of-service vulnerability in Win32k form creation, which occurs when a parameter in a system service function in Win32k.sys fails to be correctly checked, causing the local kernel to deny service when the user runs...

AI score 6.5
Exploits: 0

CNVD
added 2016/08/07 12:0 a.m. · 1 views

PoloMeeting Video Conferencing Software Elevation of Privilege Vulnerability

PoloMeeting video conferencing software is a network video conferencing system, the system supports full HD, distributed cluster architecture, the main features of the system include: remote audio and video communication, electronic whiteboard, document collaboration, file transfer, text...

AI score 7.3
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 13 views

2532/Gigs <= 1.2.2 - Arbitrary Database Backup/Download Vulnerability

No description provided by source. 2532|Gigs = 1.2.2 Arbitrary Remote Database Backup/Download. Discover...

AI score 7.1
Exploits: 0

securityvulns
added 2000/11/08 12:0 a.m. · 63 views

vlock vulnerability in RedHat 7.0

I've tried to lock all virtual consoles in RedHat 7.0 using vlock, which is delivered with this release of RedHat. If user root locks all consoles - it's no problem, but if normal user locks consoles then anybody can unlock without typing a password. Try to use it in the following way: 1. logon a...

Exploits: 0