15 matches found
EUVD-2017-12338
Malware in sbrugna...
EUVD-2023-46273
Malicious code in bioql PyPI...
CVE-2023-41781
There is a Cross-site scripting XSS vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered...
VulnCheck KEV: CVE-2023-25651
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak...
Cross site scripting
There is a Cross-site scripting XSS vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered...
CVE-2023-41781
ZTE MF258 is reported to have a Cross-site Scripting (XSS) vulnerability caused by insufficient input validation of the SMS interface parameter. The CVE-2023-41781 entry documents XSS on the affected device, with references indicating the issue stems from SMS parameter handling. Connected sources...
CVE-2023-41781 XSS Vulnerability in ZTE MF258 Products
There is a Cross-site scripting XSS vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered...
CVE-2023-25651
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak...
Sql injection
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak...
CVE-2023-25651
CVE-2023-25651 affects some ZTE mobile internet products due to insufficient input validation of the SMS interface parameter, enabling an authenticated attacker to perform SQL injection and cause information leakage. Concrete details across sources: vulnerable component is the SMS interface handl...
CVE-2023-25651 SQL Injection Vulnerability in Some ZTE Mobile Internet Products
There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak...
Design/Logic Flaw
CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...
CVE-2017-3217
CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...
CVE-2017-3217 CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller
CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...
CalAmp LMU-3030 devices may not authenticate SMS interface
Overview OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS text message interface. We have found multiple deployments where no password was configured for this interface by the integrator / reseller...