417 matches found
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass due to weak session management, enabling reuse of IP-bound session identifiers to issue unauthorized requests to the userManager API and change user credentials. Concrete details from PT-2025-50526: affected version 1.9.3; attack involves byp...
CVE-2023-53741 Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...
CVE-2023-53741 Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...
CVE-2023-53741
Screen SFT DAB 1.9.3 is affected by a weak session management vulnerability that allows an attacker to bypass authentication by reusing IP-address-bound session identifiers. The issue enables exploitation of the vulnerable API by intercepting and reusing established sessions to remove user accoun...
CVE-2023-53740 Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...
Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
DB Elettronica Screen SFT DAB 授权问题漏洞
DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. An authorization issue vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which stems from a flaw in session management that could lead to password changes...
Fuji Electric Monitouch V-SFT V7 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Fuji Electric Monitouch V-SFT V7 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2023-7328
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...
CVE-2023-7328
CVE-2023-7328 affects Screen SFT DAB 600/C firmware versions up to and including 1.9.3, due to improper access control on the user management API that permits unauthenticated retrieval of structured user data and connection metadata (e.g., account names, client IP, timeout values). Public referen...
CVE-2023-7328 Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values...
PT-2025-47024
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C firmware versions up to and including 1.9.3 Description The Screen SFT DAB 600/C firmware has an issue with access control on the user management API. Unauthenticated requests can retrieve structured user data, including...
DB Elettronica Screen SFT DAB 600/C 安全漏洞
The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB 600/C version 1.9.3 and earlier, which stems from improper access control of the user management API and could lead to the...
CVE-2025-54496
A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code...
CVE-2025-54526
CVE-2025-54526 concerns Fuji Electric Monitouch V-SFT-6/V-SFT with a stack-based buffer overflow in parsing crafted project/V7 files, leading to remote code execution . ZDI advisories describe the flaw as a lack of proper validation of the length of user-supplied data before copying it into a fix...
PT-2025-45049
Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, potentially allowing an attacker to execute arbitrary cod...
Fuji Electric V-SFT-6 安全漏洞
Fuji Electric V-SFT-6 is a Fuji Electric operator interface software from Fuji Electric, Japan. A security vulnerability exists in Fuji Electric V-SFT-6 that originates from a stack buffer overflow when processing specially crafted project files, which could lead to the execution of arbitrary cod...
Fuji Electric V-SFT-6 安全漏洞
Fuji Electric V-SFT-6 is a Fuji Electric operator interface software from Fuji Electric, Japan. A security vulnerability exists in Fuji Electric V-SFT-6 that stems from a maliciously constructed project file that could result in a heap-based buffer overflow, potentially allowing an attacker to...
PT-2025-45050
Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description The software is susceptible to a stack-based buffer overflow when handling a specifically designed project file. Successful exploitation of this issue could allow an...