137 matches found

ATTACKERKB
added 2023/06/12 9:15 p.m. · 2 views

CVE-2023-27716

An issue was discovered in freakchicken kafkaUI-lite 1.2.11 that allows attackers on the same network to gain escalated privileges for the nodes running on it...

CVSS 9.8 · AI score 7.2 · EPSS 0.00708
Exploits 0 · References 2

Positive Technologies
added 2023/06/12 12:0 a.m. · 4 views

PT-2023-21307 · Freakchicken · Kafkaui-Lite

Name of the Vulnerable Software and Affected Versions: freakchicken kafkaUI-lite version 1.2.11 Description: An issue was discovered that allows attackers on the same network to gain escalated privileges for the nodes running on it. Recommendations: For freakchicken kafkaUI-lite version 1.2.11, a...

CVSS 9.8 · AI score 6.8 · EPSS 0.00708
Exploits 0 · References 4

ATTACKERKB
added 2023/06/06 8:15 p.m. · 2 views

CVE-2023-33684

Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 Apr 19 2021 Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol...

CVSS 5.7 · AI score 6.2 · EPSS 0.00343
Exploits 1 · References 2

OSV
added 2023/02/13 2:15 p.m. · 3 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

CVSS 5.4 · AI score 5.8 · EPSS 0.00677
Exploits 1 · References 3

CNNVD
added 2023/02/13 12:0 a.m. · 2 views

COMFAST CF-WR6110N Input Validation Error Vulnerability

The COMFAST CF-WR6110N is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-WR6110N version V2.3.1, which originates from incorrect input validation and allows remote attackers on the same network to execute arbitrary code on the target via an...

CVSS 8.8 · AI score 8.6 · EPSS 0.08775
Exploits 1 · References 4

CNNVD
added 2023/02/13 12:0 a.m. · 5 views

COMFAST CF-WR6110N Authorization Issue Vulnerability

COMFAST CF-WR6110N is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in the COMFAST CF-WR6110N version V2.3.1, which originates from incorrect access control and allows a remote attacker on the same network to perform any HTTP request to an unauthenticate...

CVSS 5.4 · AI score 5.9 · EPSS 0.00677
Exploits 1 · References 4

VulnCheck KEV
added 2023/02/03 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-21974

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue...

CVSS 8.8 · AI score 7.4 · EPSS 0.45063
Exploits 7 · References 1

OSV
added 2023/01/15 5:15 a.m. · 6 views

CVE-2023-23590

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service device restart via an unauthenticated API request. The attacker must be on the same network as the device...

CVSS 7.5 · AI score 7.1 · EPSS 0.2644
Exploits 0 · References 2

Positive Technologies
added 2022/12/16 12:0 a.m. · 5 views

PT-2022-28033 · Unknown · Puhttpsniff

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned in the provided descriptions. Description: The "puhttpsniff" service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker ...

CVSS 8.8 · AI score 9.2 · EPSS 0.01203
Exploits 0 · References 4

ATTACKERKB
added 2022/05/10 7:0 a.m. · 1 views

CVE-2022-30232

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001...

CVSS 8.8 · AI score 8 · EPSS 0.01142
Exploits 0 · References 2

OSV
added 2021/11/12 10:15 p.m. · 1 views

CVE-2021-3793

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified...

CVSS 5.3 · AI score 6.1
Exploits 0 · References 1

OSV
added 2021/11/12 10:15 p.m. · 3 views

CVE-2021-3577

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device...

CVSS 8.8 · AI score 7.9 · EPSS 0.59893
Exploits 0 · References 1

NCSC
added 2021/10/13 12:0 a.m. · 16 views

Vulnerability fixed in SonicOS

SonicWall has fixed a vulnerability in SonicOS. A malicious party could potentially exploit the vulnerability to send a user on the vulnerable SonicWall system via a header redirection to a rogue website under the malicious party's control. However, the rogue website and the...

CVSS 6.1 · AI score 6.9 · EPSS 0.13041
Exploits 4

OSV
added 2021/09/17 2:15 p.m. · 0 views

CVE-2021-31845

A buffer overflow vulnerability in McAfee Data Loss Prevention DLP Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro .sam files onto a machine and having DLP Discover scan it, leading to...

CVSS 7.3 · AI score 8
Exploits 0 · References 1

CNNVD
added 2021/09/14 12:0 a.m. · 3 views

Siemens SINEMA Remote Connect Server Access Control Error Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An access control error vulnerability exists in Siemens SINEMA Remote Connect Server versions prior t...

CVSS 6.5 · AI score 5.8 · EPSS 0.00361
Exploits 0 · References 4

OSV
added 2021/08/25 12:15 p.m. · 4 views

CVE-2021-33886

An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...

CVSS 8.8 · AI score 5.8 · EPSS 0.00827
Exploits 1 · References 2

OSV
added 2021/02/24 5:15 p.m. · 2 views

CVE-2021-21974

OpenSLP as used in ESXi 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue i...

CVSS 8.8 · AI score 7.7 · EPSS 0.45063
Exploits 7 · References 3

PyPA
added 2021/02/17 10:15 p.m. · 7 views

PYSEC-2021-65

GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network...

CVSS 8.8 · AI score 8 · EPSS 0.01507
Exploits 1 · References 2 · Affected Software 1

OSV
added 2021/02/02 11:15 a.m. · 3 views

CVE-2020-8101

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version...

CVSS 8.8 · AI score 7.6 · EPSS 0.01219
Exploits 0 · References 1

Positive Technologies
added 2020/08/31 12:0 a.m. · 4 views

PT-2020-15707

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WA855RE version V5 20200415-rel37464 Description: TP-Link TL-WA855RE devices allow an unauthenticated attacker on the same network to submit a TDDP RESET POST request, leading to a factory reset and reboot. This allows the attacker...

CVSS 8.8 · AI score 7.6 · EPSS 0.20689
Exploits 0 · References 25