231 matches found
CVE-2023-41919 Use of Hard-coded Credentials in Kiloview P1/P2 devices
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access...
CVE-2023-41919 Use of Hard-coded Credentials in Kiloview P1/P2 devices
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access...
CVE-2023-41918 Missing Authentication for Critical Function in Kiloview P1/P2 devices
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code...
CVE-2023-41918 Missing Authentication for Critical Function in Kiloview P1/P2 devices
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code...
CVE-2023-41917 Improper input validation in Kiloview P1/P2 devices allows for remote code execution
Inadequate input validation exposes the system to potential remote code execution RCE risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution...
CVE-2023-41917 Improper input validation in Kiloview P1/P2 devices allows for remote code execution
Inadequate input validation exposes the system to potential remote code execution RCE risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution...
Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder
Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...
Kiloview P1 and P2 Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 and P2 that stems from the use of hard-coded credentials...
Kiloview P1 4G Video Encoder and P2 4G Video Encoder Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder, which stems from disabling encryption on port 80, which may...
Kiloview P1 and P2 Security Vulnerabilities
The Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from Kiloview, a Chinese company. A security vulnerability exists in the Kiloview P1 and P2 that stems from the device's acceptance of the deprecated TLS protocol...
Kiloview P1 and P2 Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. An attacker could exploit the vulnerability to execute unauthenticated commands that could manipulate data,...
Kiloview P1 and P2 Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 and P2, which stems from insufficient input validation. The vulnerability can be exploited to execute arbitrary...
AutomationDirect Productivity PLCs
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : Productivity PLCs Vulnerabilities : Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active...
io.hawt:hawtio-wildfly (=2.17.7), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +133 more potentially affected by CVE-2023-6236 via org.wildfly.security:wildfly-elytron-http-oidc (>=1.15.7.Final <=2.2.4.Final)
org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =1.15.7.Final, =0.1.0, =9.4.45.v20220203, =9.4.45.v20220203, =9.4.45.v20220203, =10.0.8, =12.0.1, =12.0.1, =12.0.1, =10.0.10, =13.0.0.CR1, =3.1.0.Final, =3.1.1.Alpha1 - org.jboss.resteasy.spring:galleon-feature-pack-layers-metadata-test...
p2.webcraftplugins.com Cross Site Scripting vulnerability OBB-3848546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-45357
Archer Platform 6.x before 6.13 P2 HF2 6.13.0.2.2 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 6.14.0 is also a fixed release...
Sql injection
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...
Sql injection
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...
CVE-2023-38218 Incorrect Authorization - Customer account takeover
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation...
org.eclipse.jetty.documentation:jetty-documentation (>=10.0.10 <=10.0.15), org.eclipse.jetty.http3:http3-client (>=10.0.10 <=10.0.15) +6 more potentially affected by CVE-2023-36478 via org.eclipse.jetty.http3:http3-qpack (>=10.0.10 <=10.0.15)
org.eclipse.jetty.http3:http3-qpack MAVEN version =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =10.0.10, =5.26.1, =5.27.0 Source cves: CVE-2023-36478 Source advisory: OSV:GHSA-WGH7-54F2-X98R...