8 matches found
EUVD-2023-56110
Malicious code in bioql PyPI...
CVE-2024-42362 GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated user role RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0...
CVE-2023-51389
Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...
CVE-2023-51653
Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 is affected by a Local File Inclusion vulnerability. The NUCLEI template for CVE-2021-45043 describes an LFI flaw exposed via the /language/lang s_Language parameter, enabling remote unauthenticated attackers to view confidential information (e.g., /etc/...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion Vulnerability
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of Concept: GET...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Date: 11/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of...