13 matches found
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API...
EUVD-2023-29447
Malicious code in bioql PyPI...
EUVD-2023-29450
Malicious code in bioql PyPI...
CVE-2018-14573
A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API...
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API...
CVE-2023-25492
Lenovo XClarity Controller (XCC) is affected by CVE-2023-25492, a format-string injection vulnerability in the XCC web interface API that could allow a remote authenticated attacker to trigger a denial of service or other undefined behavior. The issue is confirmed across multiple advisories (Red ...
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API...
CVE-2023-25495
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...
PT-2023-8788 · Haproxy +4 · Haproxy +4
Name of the Vulnerable Software and Affected Versions: Roxy-WI version 6.3.9.0 Description: A Path Traversal issue was found in Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. This issue can be exploited via an HTTP request to "/app/options.py" and the config...
CVE-2018-14573
A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...
CVE-2018-14573
The vulnerability CVE-2018-14573 affects TightRope Media Carousel Digital Signage before 7.3.5. It is a Local File Inclusion (LFI) in the Web Interface API’s RenderingFetch function, exploitable via directory traversal sequences (CSL-1683) to download arbitrary files. Impact is stated as Partial ...
CVE-2018-14573
A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...