Lucene search
K

417 matches found

cve
cve
added 2025/12/10 9:8 p.m.17 views

CVE-2023-53775

Screen SFT DAB 1.9.3 contains an authentication bypass due to weak session management, enabling reuse of IP-bound session identifiers to issue unauthorized requests to the userManager API and change user credentials. Concrete details from PT-2025-50526: affected version 1.9.3; attack involves byp...

7.1CVSS6.7AI score0.00447EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2025/12/10 9:6 p.m.22 views

CVE-2023-53741 Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...

5.1CVSS0.00697EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2025/12/10 9:6 p.m.3 views

CVE-2023-53741 Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...

5.1CVSS6.7AI score0.00697EPSS
Exploits1References6
cve
cve
added 2025/12/10 9:6 p.m.10 views

CVE-2023-53741

Screen SFT DAB 1.9.3 is affected by a weak session management vulnerability that allows an attacker to bypass authentication by reusing IP-address-bound session identifiers. The issue enables exploitation of the vulnerable API by intercepting and reusing established sessions to remove user accoun...

8.1CVSS6.7AI score0.00697EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2025/12/10 9:6 p.m.22 views

CVE-2023-53740 Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

8.6CVSS0.00845EPSS
Exploits1References6
zdi
zdi
added 2025/12/10 12:0 a.m.7 views

Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.2AI score0.0018EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/10 12:0 a.m.5 views

DB Elettronica Screen SFT DAB 授权问题漏洞

DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. An authorization issue vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which stems from a flaw in session management that could lead to password changes...

7.1CVSS6.8AI score0.00447EPSS
Exploits1References6
zdi
zdi
added 2025/12/10 12:0 a.m.8 views

Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.2AI score0.0018EPSS
Exploits0References1
zdi
zdi
added 2025/12/10 12:0 a.m.8 views

Fuji Electric Monitouch V-SFT V7 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS7.2AI score0.00174EPSS
Exploits0References1
nvd
nvd
added 2025/11/14 11:15 p.m.5 views

CVE-2023-7328

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...

6.9CVSS0.00339EPSS
Exploits2References5
cve
cve
added 2025/11/14 10:51 p.m.14 views

CVE-2023-7328

CVE-2023-7328 affects Screen SFT DAB 600/C firmware versions up to and including 1.9.3, due to improper access control on the user management API that permits unauthenticated retrieval of structured user data and connection metadata (e.g., account names, client IP, timeout values). Public referen...

6.9CVSS6.5AI score0.00339EPSS
Exploits2References5Affected Software1
vulnrichment
vulnrichment
added 2025/11/14 10:51 p.m.2 views

CVE-2023-7328 Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...

6.9CVSS6.5AI score0.00339EPSS
Exploits2References5
ptsecurity
ptsecurity
added 2025/11/14 12:0 a.m.4 views

PT-2025-47024

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C firmware versions up to and including 1.9.3 Description The Screen SFT DAB 600/C firmware has an issue with access control on the user management API. Unauthenticated requests can retrieve structured user data, including...

6.9CVSS6.4AI score0.00339EPSS
Exploits2References10
cnnvd
cnnvd
added 2025/11/14 12:0 a.m.4 views

DB Elettronica Screen SFT DAB 600/C 安全漏洞

The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB 600/C version 1.9.3 and earlier, which stems from improper access control of the user management API and could lead to the...

6.9CVSS6.5AI score0.00339EPSS
Exploits2References6
redhatcve
redhatcve
added 2025/11/05 10:4 p.m.7 views

CVE-2025-54496

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...

8.4CVSS7.8AI score0.0018EPSS
Exploits0References1
cve
cve
added 2025/11/04 9:37 p.m.23 views

CVE-2025-54526

CVE-2025-54526 concerns Fuji Electric Monitouch V-SFT-6/V-SFT with a stack-based buffer overflow in parsing crafted project/V7 files, leading to remote code execution . ZDI advisories describe the flaw as a lack of proper validation of the length of user-supplied data before copying it into a fix...

8.4CVSS7.3AI score0.00174EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2025/11/04 12:0 a.m.14 views

PT-2025-45049

Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, potentially allowing an attacker to execute arbitrary cod...

8.4CVSS7.4AI score0.0018EPSS
Exploits0References9
cnnvd
cnnvd
added 2025/11/04 12:0 a.m.7 views

Fuji Electric V-SFT-6 安全漏洞

Fuji Electric V-SFT-6 is a Fuji Electric operator interface software from Fuji Electric, Japan. A security vulnerability exists in Fuji Electric V-SFT-6 that originates from a stack buffer overflow when processing specially crafted project files, which could lead to the execution of arbitrary cod...

8.4CVSS7.2AI score0.00174EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/04 12:0 a.m.5 views

Fuji Electric V-SFT-6 安全漏洞

Fuji Electric V-SFT-6 is a Fuji Electric operator interface software from Fuji Electric, Japan. A security vulnerability exists in Fuji Electric V-SFT-6 that stems from a maliciously constructed project file that could result in a heap-based buffer overflow, potentially allowing an attacker to...

8.4CVSS7.3AI score0.0018EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/11/04 12:0 a.m.8 views

PT-2025-45050

Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description The software is susceptible to a stack-based buffer overflow when handling a specifically designed project file. Successful exploitation of this issue could allow an...

8.4CVSS7.3AI score0.00174EPSS
Exploits0References10
Rows per page
Query Builder