
271 matches found

Positive Technologies
added 2022/01/28 12:0 a.m. · 2 views

PT-2022-12066 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102
Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetNtp param...

CVSS 8.6 · AI score 7.8 · EPSS 0.00257
Exploits: 1 · References: 3
Positive Technologies
added 2022/01/28 12:0 a.m. · 3 views

PT-2022-11234 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102
Description: A denial of service issue exists in the cgiserver.cgi session creation functionality. This can be triggered by a specially-crafted HTTP request, preventing users from logging in. An...

CVSS 7.8 · AI score 7.3 · EPSS 0.00616
Exploits: 1 · References: 2
Positive Technologies
added 2022/01/28 12:0 a.m. · 2 views

PT-2022-12092 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102
Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetMask para...

CVSS 8.6 · AI score 7.9 · EPSS 0.00189
Exploits: 1 · References: 2
Positive Technologies
added 2022/01/28 12:0 a.m. · 2 views

PT-2022-12084 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102
Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetPtzPreset...

CVSS 8.6 · AI score 7.8 · EPSS 0.00189
Exploits: 1 · References: 2
Positive Technologies
added 2022/01/28 12:0 a.m. · 1 view

PT-2022-11232 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102
Description: An authentication bypass issue exists in the cgiserver.cgi Login functionality. A specially-crafted HTTP request can lead to authentication bypass, allowing an attacker to send an HTTP...

CVSS 6.5 · AI score 5.4 · EPSS 0.00252
Exploits: 1 · References: 4
Positive Technologies
added 2022/01/28 12:0 a.m. · 3 views

PT-2022-12108 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102
Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The search param...

CVSS 8.6 · AI score 7.8 · EPSS 0.00189
Exploits: 1 · References: 2
CNNVD
added 2022/01/26 12:0 a.m. · 12 views

Reolink Rlc-410W Input Validation Error Vulnerability

Reolink Rlc-410W is a Wi-Fi security camera from Reolink, China. A security vulnerability exists in Reolink RLC-410W, which can be exploited by attackers to cause a reboot via a crafted HTTP request...

CVSS 8.6 · AI score 5.6 · EPSS 0.00189
Exploits: 1 · References: 3
CNNVD
added 2021/12/10 12:0 a.m. · 9 views

Apache Log4j Code Issue Vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation of the United States. Apache Log4j has a code issue vulnerability that an attacker can exploit by crafting a data request and sending it to a server that uses Apache Log4j, which triggers remote code execution...

CVSS 10 · AI score 9.1 · EPSS 0.94358
Exploits: 341 · References: 137
CNVD
added 2021/11/04 12:0 a.m. · 5 views

Fortinet FortiWeb Denial of Service Vulnerability (CNVD-2021-84248)

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

CVSS 7.5 · AI score 7.5 · EPSS 0.01116
Exploits: 0 · References: 1
CNNVD
added 2021/06/08 12:0 a.m. · 3 views

Vembu BDR Suite Code Issue Vulnerability

Vembu BDR Suite is a virtual machine management system. A code issue vulnerability exists in Vembu BDR Suite, which can be exploited by an attacker to write an unauthenticated file via a GET request that specifies the name and content of the file...

CVSS 9.8 · AI score 5.7 · EPSS 0.00743
Exploits: 0 · References: 5
CNVD
added 2021/05/08 12:0 a.m. · 11 views

Tenda AC11 Stack Buffer Overflow Vulnerability (CNVD-2021-33998)

The Tenda AC11 is an AC1200 dual-band Gigabit WiFi router. A stack buffer overflow vulnerability exists in /goform/setmac in the Tenda AC11 02.03.01.104CN and earlier firmware. An attacker can exploit this vulnerability to execute arbitrary code on the system via a specially crafted POST request...

CVSS 10 · AI score 7.9 · EPSS 0.93957
Exploits: 1 · References: 1
CNVD
added 2021/05/06 12:0 a.m. · 14 views

Tenda G1 and G3 Buffer Overflow Vulnerability (CNVD-2022-10753)

Tenda G1 and G3 are routers from Tenda, China. Tenda G1 and G3 are vulnerable to a buffer overflow, which can be exploited by attackers to execute arbitrary code via a crafted action portMappingIndex request...

CVSS 9.8 · AI score 7.3 · EPSS 0.03106
Exploits: 1 · References: 1
CNNVD
added 2021/04/14 12:0 a.m. · 1 view

TotoLink X5000R Operating System Command Injection Vulnerability

Totolink X5000R is a router from China's Gion Electronics Totolink. The TOTOLINK X5000R router suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary operating system commands by sending a modified HTTP request...

CVSS 10 · AI score 6.2 · EPSS 0.2015
Exploits: 1 · References: 3
OSV
added 2021/01/29 7:5 p.m. · 6 views

MGASA-2021-0058 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.11 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to o...

CVSS 8.1 · AI score 7.3 · EPSS 0.00305
Exploits: 0 · References: 8
CNNVD
added 2021/01/26 12:0 a.m. · 5 views

Micrium uC-HTTP Code Issue Vulnerability

Micrium uC-HTTP is software from Micrium USA that provides TCP/IP functionality for devices. The software is designed for embedded applications with a compact, reliable, high-performance TCP/IP stack with dual support for IPv4 and IPv6. A security vulnerability exists in Micrium uC-HTTP version...

CVSS 8.6 · AI score 7.2 · EPSS 0.04904
Exploits: 1 · References: 2
wpexploit
added 2020/09/29 12:0 a.m. · 675 views

Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection

The bulkaction, exportfull and savesliderdb functionalities of the plugin were vulnerable, allowing a high-privileged user (Admin), or a medium-privileged one such as Contributor+ if "Role Options" is turned on for other users, to perform SQL Injection attacks. Vulnerable param: check Vulnerable function:...

AI score 1.7 · EPSS 0.00501
Exploits: 2 · References: 1
0day.today
added 2019/12/17 12:0 a.m. · 105 views

Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title : CWP Control Web Panel phpMyAdmin password access Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only...

AI score 6.6 · EPSS 0.00398
Exploits: 4
CNVD
added 2019/10/29 12:0 a.m. · 2 views

Unspecified Vulnerability in CloudBees Jenkins Dynatrace Application Monitoring Plugin

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Dynatrace Application Monitoring Plugin is us...

CVSS 6.5 · AI score 6.8 · EPSS 0.00048
Exploits: 0 · References: 1
CNVD
added 2019/06/24 12:0 a.m. · 1 view

RDK WebUI Component Access Control Error Vulnerability

RDK Management RDK is a modular, portable, and customizable open source IoT software solution from the RDK Management community. An access control error vulnerability exists in the actionHandlerUtility.php file of the WebUI component in version RDK RDKB-20181217-1. An attacker can exploit the...

CVSS 6.5 · AI score 6.9 · EPSS 0.00212
Exploits: 0 · References: 1
CNVD
added 2018/08/27 12:0 a.m. · 2 views

HPE CentralView Fraud Risk Management Elevation of Privilege Vulnerability

HPE CentralView Fraud Risk Management is an end-to-end solution for addressing fraud control issues. An elevation of privilege vulnerability exists in HPE CentralView Fraud Risk Management, which can be exploited by an attacker to submit a special request to elevate privileges...

CVSS 9.8 · AI score 9.6 · EPSS 0.02528
Exploits: 0 · References: 1