42 matches found
CVE-2020-36914
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...
CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...
CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...
QiHang Media Web Digital Signage 安全漏洞
QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which stems from the presence of a sensitive information disclosure vulnerability that could lead to the...
EUVD-2020-30835
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...
EUVD-2020-30834
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
CVE-2020-36899
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...
CVE-2020-36898
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
CVE-2020-36897
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...
CVE-2020-36898
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...
CVE-2020-36899
CVE-2020-36899 affects QiHang Media Web Digital Signage 3.0.9. An unauthenticated disclosure exists where an attacker can read arbitrary files and directory contents by manipulating unverified filename and path parameters via the QH.aspx endpoint (download/getAll actions). This results in a poten...
CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
CVE-2020-36898
Summary: CVE-2020-36898 affects QiHang Media Web Digital Signage 3.0.9, exposing an unauthenticated file-deletion vulnerability in the QH.aspx endpoint. The issue allows a remote attacker to delete arbitrary files by POSTing a radius of file paths using directory traversal via the data parameter,...
CVE-2020-36897 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...
CVE-2020-36897 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...
CVE-2020-36897
QiHang Media Web Digital Signage 3.0.9 is affected by an unauthenticated remote code‑execution vulnerability in the QH.aspx file. The issue arises from the file‑upload functionality, where attackers can use the remotePath and fileToUpload parameters to write and execute arbitrary system commands ...
CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...
CVE-2020-36896
QiHang Media Web Digital Signage 3.0.9 has a cleartext credentials vulnerability where hardcoded admin credentials can be retrieved from an unprotected XML file (/xml/User/User.xml), enabling unauthenticated access and direct authentication bypass. This is evidenced across multiple sources (NVD, ...