17 matches found
Dozzle code issue vulnerability
Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 had code vulnerabilities. These vulnerabilities stemmed from the fact that the POST /api/notifications/test-webhook endpoint was not authenticated during default...
EUVD-2020-0230
Malware in sbrugna...
EUVD-2022-50320
Malicious code in bioql PyPI...
EUVD-2023-2691
Malicious code in bioql PyPI...
CVE-2022-47560
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
CVE-2022-47560
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
CVE-2022-47560 Cleartext Transmission of Sensitive Information in Ormazabal products
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
CVE-2022-47560
CVE-2022-47560 affects ekorCCP and ekorRCI devices. Root cause: lack of web request control enables an attacker to craft custom requests while a user is logged in, potentially triggering malicious actions. Documented impacts include higher confidentiality risk (CVE/metrics note HIGH confidentiali...
CVE-2022-47560 Cleartext Transmission of Sensitive Information in Ormazabal products
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in...
PT-2023-15403 · Ekorccp +1 · Ekorccp +1
Name of the Vulnerable Software and Affected Versions: ekorCCP affected versions not specified ekorRCI affected versions not specified Description: The lack of web request control on devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged i...
PT-2023-15401 · Ekorccp +1 · Ekorccp +1
Name of the Vulnerable Software and Affected Versions: ekorCCP and ekorRCI affected versions not specified Description: The issue is related to a lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customized requests to execute malicious actions when a...
Microsoft Teams "Give/Request Control" option not available from the VDI in Screen Share
Microsoft Teams "Give/Request Control" option is not available from the VDI while having Screen Share...
CVE-2018-17566
In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request...
Responsive Filemanager 9.13.1 Server-Side Request Forgery
Exploit Title: Responsive filemanager - SSRF Date: 29/07/2018 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zip Version: 9.13.1 Tested on: responsi...
Request Participants beside Reporter can remove other participants.
h3. Summary: Apparently, participants of a request have control over whom the request is "Shared" with even though they are not the Reporter. Hence, they can actually remove themselves from the Request and are unable to view it after that. Also, they can remove other parties from the request as well. h3...
innd-2.2.2.txt
Newest innd 2.2.2, probably the most popular usenet news server as well as previous versions contain remotely exploitable, trivial on-stack buffer overflow in control articles handler. Offending piece of code in innd/art.c, function ARTcancelverify: if !EQlocal, p files = NULL; voidsprintfbuff,...