9 matches found
CVE-2024-4423
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application. This issue affects CemiPark software: 4.5, 4.7, 5.03 and...
CVE-2024-4425
CVE-2024-4425 affects CemiPark software (versions 4.5, 4.7, 5.03 and potentially others). The root cause is improper handling of credentials, with integration credentials (e.g., FTP or SIP) stored in plain-text. An attacker who gains unauthorized access to the device can retrieve clear-text passw...
CVE-2024-4424 Stored XSS in CemiPark
The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes it possible to smuggle in HTML/JavaScript code. This code...
CVE-2024-4424
CVE-2024-4424 affects CemiPark software (versions 4.5, 4.7, 5.03 and potentially others) where input data is not properly validated, enabling stored cross-site scripting (XSS). The vulnerability arises from insufficient validation of user-entered data in the access control/data entry pathways, al...
CVE-2024-4424 Stored XSS in CemiPark
The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting (XSS) attack. The parameters used to enter data into the system do not have appropriate validation, which makes it possible to smuggle in HTML/JavaScript code. This code...
CVE-2024-4423 Authentication bypass in CemiPark
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with administrator rights to the application. This issue affects CemiPark software: 4.5, 4.7, 5.03 and...
CVE-2019-19753
SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...
SUPERAntiSpyware Professional X 10.0.1264 DLL Hijacking / Privilege Escalation
Title: SUPERAntiSpyware Professional X Version =10.0.1264 "version.dll" Local Privilege Escalation Date: 03.04.2024 Author: M. Akil Gündoğan Vendor Homepage: https://superantispyware.com/ Version: 10.0.1262 and latest version 10.0.1264 Tested on: Windows 10 Professional x64 PoC Video:...
jetboxcms21-xss.txt
netVigilance Security Advisory 29 Jetbox CMS version 2.1 XSS Attack Vulnerability Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from layout. It uses p...