Lucene search
K

150 matches found

CNVD
CNVD
added 2021/03/26 12:0 a.m.5 views

SQL Injection Vulnerability in LAC WEB Control Center of Shanghai Huanchuang Communication Technology Co.

GBCOM is a high-tech company focusing on technical research, product development and sales in the field of wireless broadband communication with WiFi technology as its core. A SQL injection vulnerability exists in the LAC WEB Control Center of Shanghai Huanchuang Communication Technology Co., Ltd...

7.5AI score
Exploits0
CNVD
CNVD
added 2021/03/25 12:0 a.m.4 views

Information Leakage Vulnerability in LAC WEB Control Center of Shanghai Huanchuang Communication Technology Co.

Huntron Communications LAC is a WiFi product. Shanghai Huanchuang Communication Technology Co., Ltd LAC WEB control center has an information leakage vulnerability, attackers can download sensitive files to obtain sensitive information...

6.6AI score
Exploits0
CNVD
CNVD
added 2021/01/29 12:0 a.m.4 views

Unauthorized access vulnerability in Transmission web control

Transmission Web Control is the Transmission browser management interface. An unauthorized access vulnerability exists in Transmission web control, which can be exploited by an attacker to bypass authentication and arbitrarily control the download, delete, or upload functionality of an applicatio...

7.3AI score
Exploits0
OSV
OSV
added 2020/06/09 8:15 p.m.5 views

CVE-2020-1181

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'...

8.8CVSS7.9AI score0.69303EPSS
Exploits0References2
Prion
Prion
added 2020/05/22 2:15 p.m.19 views

Authentication flaw

An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an...

6.4CVSS8.9AI score0.02298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/05/22 12:0 a.m.6 views

PT-2020-18918 · Epson · Epson Eb-1470Ui Main +1

Name of the Vulnerable Software and Affected Versions: Epson EB-1470Ui MAIN version 98009273ESWWV107 Epson EB-1470Ui MAIN2 version 8X7325WWV303 Description: An exploitable authentication bypass issue exists in the ESPON Web Control functionality. A specially crafted series of HTTP requests can...

9.8CVSS7.2AI score0.02298EPSS
Exploits0References5
CNVD
CNVD
added 2020/05/22 12:0 a.m.4 views

EPSON Epson EB-1470Ui Web Control Authentication Bypass Vulnerability

The EPSON EB-1470Ui is a full HD laser short-throw interactive projector from Epson Japan. A security vulnerability exists in the Epson Web Control feature in the Epson EB-1470Ui version 98009273ESWWV107 and version 8X7325WWV303. An attacker could exploit the vulnerability via a specially crafted...

9.8CVSS6.6AI score0.02298EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2020/05/21 8:49 a.m.33 views

Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could trick a user into...

1.8AI score
Exploits0
Talos
Talos
added 2020/05/21 12:0 a.m.68 views

Epson EB-1470Ui ESPON Web Control Authentication Bypass Vulnerability

Summary An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can...

9.8CVSS9.4AI score0.02298EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/03/26 12:0 a.m.4 views

The vulnerability of the HTTP(S) software control modules of Belden Hirschmann HiOS and Belden Hirschmann HiSecOS allows a perpetrator to gain unauthorized access to confidential information.

The vulnerability of the HTTPS software control modules of Belden Hirschmann HiOS and Belden Hirschmann HiSecOS relates to errors in handling authentication requests. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to sensitive information through specially...

8.1CVSS5.5AI score
Exploits0References2
CNVD
CNVD
added 2019/10/28 12:0 a.m.4 views

ClonOS WEB control panel cross-site scripting vulnerability

ClonOS is an open source platform based on FreeBSD. The platform is mainly used for the creation and management of virtual environments. web control panel is one of the web-based ClonOS control panel. A cross-site scripting vulnerability exists in the index.php file in the ClonOS WEB control pane...

6.1CVSS6.4AI score0.00806EPSS
Exploits1References1
NVD
NVD
added 2019/10/24 8:15 p.m.34 views

CVE-2019-18418

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...

9.8CVSS9.7AI score0.04003EPSS
Exploits3References2
Prion
Prion
added 2019/10/24 8:15 p.m.11 views

Default credentials

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...

7.5CVSS9.6AI score0.04003EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2019/10/24 7:15 p.m.16 views

Cross site scripting

A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

4.3CVSS5.9AI score0.00806EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/10/24 7:1 p.m.109 views

CVE-2019-18418

CVE-2019-18418 affects ClonOS WEB control panel version 19.09. The issue is in clonos.php where there is no session management, enabling remote attackers to gain full access by sending password-change requests. Multiple sources (NVD/NVD mirrors and security advisories) describe an authentication/...

9.8CVSS9.6AI score0.04003EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2019/10/24 7:1 p.m.36 views

CVE-2019-18418

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...

9.7AI score0.04003EPSS
Exploits3References2
CVE
CVE
added 2019/10/24 7:0 p.m.93 views

CVE-2019-18419

The provided connected records confirm CVE-2019-18419 is a cross-site scripting (XSS) flaw in ClonOS WEB control panel 19.09, specifically in index.php with the lang parameter. Root cause is described in CNVD as lack of proper validation of client-side data, enabling injection of arbitrary script...

6.1CVSS5.9AI score0.00806EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/24 7:0 p.m.24 views

CVE-2019-18419

A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

6AI score0.00806EPSS
Exploits1References1
CNVD
CNVD
added 2019/10/24 12:0 a.m.4 views

ClonOS WEB control panel authorization issue vulnerability

ClonOS is an open source platform based on FreeBSD. The platform is mainly used for the creation and management of virtual environments. web control panel is one of the web-based ClonOS control panel. An authorization issue vulnerability exists in the clonos.php file in ClonOS WEB control panel...

9.8CVSS7.3AI score0.04003EPSS
Exploits3References1
CNVD
CNVD
added 2019/10/15 12:0 a.m.2 views

Ajenti Remote Command Execution Vulnerability

Ajenti is a web control panel written in python and angularjs. Ajenti suffers from a remote command execution vulnerability. An attacker can execute commands on a local monitoring server while testing...

7.4AI score
Exploits0References1
Rows per page
Query Builder