14 matches found
EUVD-2025-209961
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files...
CVE-2025-41764
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates...
MineAdmin May Expose Sensitive Information to an Unauthorized Actor
A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...
CVE-2024-8455 PLANET Technology switch devices - Swctrl service exchanges weakly encoded passwords
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets ca...
CVE-2024-8451
CVE-2024-8451 affects PLANET Technology switches with SSH service; the issue is that the SSH server mishandles unauthenticated connection requests, enabling an attacker to occupy SSH connection slots and disrupt legitimate access. Connected sources confirm the vulnerability in PLANET devices and ...
CVE-2024-8777
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...
CVE-2024-8777 The SYSCOM Group OMFLOW - Information Leakage
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...
CVE-2024-8586
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks...
CVE-2024-8586 Uniong WebITR - Open Redirect
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks...
CVE-2024-8586 Uniong WebITR - Open Redirect
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks...
CVE-2023-4419
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device...
CVE-2022-25594
Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information...
CVE-2018-14077
Wi2be SMART HP WMT R1.2.20201400922 allows unauthorized remote attackers to back up the device configuration via a direct request to /Maintenance/configfile.cfg...
Cross site request forgery (csrf)
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...