
9 matches found

RedhatCVE
added 2025/05/22 9:37 p.m. · 5 views

CVE-2021-25460

An improper access control vulnerability in sspExit in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService...

CVSS 5.5 · AI score 6.8 · EPSS 0.00093
Exploits 0 · References 1

Prion
added 2023/06/02 11:15 a.m. · 12 views

Sql injection

ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service...

CVSS 7.5 · AI score 9.7 · EPSS 0.00868
Exploits 0 · References 1

Cvelist
added 2023/06/02 12:0 a.m. · 16 views

CVE-2023-28701 ELITE Web Fax - SQL Injection

ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service...

CVSS 9.8 · AI score 10 · EPSS 0.00868
Exploits 0 · References 1

OSV
added 2023/01/03 3:15 a.m. · 2 views

CVE-2022-43438

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2023/01/03 12:0 a.m. · 4 views

PT-2023-14202 · Easytest · Easytest

Name of the Vulnerable Software and Affected Versions: EasyTest affected versions not specified Description: The Administrator function of EasyTest has an Incorrect Authorization issue. A remote attacker authenticated as a general user can exploit this to bypass intended access restrictions, make...

CVSS 8.8 · AI score 8.5 · EPSS 0.00794
Exploits 0 · References 4

Cvelist
added 2022/07/20 2:2 a.m. · 21 views

CVE-2022-32959 HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...

CVSS 6.8 · AI score 7.2 · EPSS 0.0022
Exploits 0 · References 1

Prion
added 2022/04/07 7:15 p.m. · 17 views

Command injection

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service...

CVSS 5.8 · AI score 9.2 · EPSS 0.00842
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/03/01 2:15 a.m. · 12 views

CVE-2020-12775

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate...

CVSS 10 · EPSS 0.02911
Exploits 0 · References 2

OSV
added 2021/04/06 5:15 a.m. · 2 views

CVE-2021-28182

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...

CVSS 4.9 · AI score 5.9 · EPSS 0.0181
Exploits 0 · References 3