15 matches found
EUVD-2022-39023
Malicious code in bioql PyPI...
EUVD-2022-39029
Malicious code in bioql PyPI...
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...
CVE-2022-36311
Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...
Command injection
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...
CVE-2022-36311
CVE-2022-36311 affects Airspan AirVelocity 1500 (and may affect AirSpeed models) with versions prior to 15.18.00.2511. The root cause is an injection that enables cross-site scripting in the SNMP community field of the eNodeB web management UI. The available sources state the vulnerability and af...
CVE-2022-36309
CVE-2022-36309 affects Airspan AirVelocity 1500 (and possibly AirSpeed models) with versions prior to 15.18.00.2511. The vulnerability is a root command injection in the ActiveBank parameter of recoverySubmit.cgi running on the eNodeB web management UI. Impact is associated with potential full compromise ...
CVE-2022-36309
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...
PLANEX CS-QR20 Hardcoded Credential
Reserved CVE: CVE-2017-12577. Description: A hardcoded account / password is used in the Android application that allows attackers to leverage hidden functions and execute arbitrary code on the device. Vulnerability Type: Insecure Permissions. Affected Product Code Base: Firmware ver 1.30. Affected...
PLANEX CS-QR20 Command Execution
Reserved CVE: CVE-2017-12576. Description: A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. Vulnerability Type: Insecure Permissions. Affected Product Code Base: Firmware ver 1.30. Affected Component: Web management UI...
Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure
No description provided by source. Updated to include Sitecom MD-253 and MD254 Minor textual changes == Conceptronic Grab’n’Go and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 Severity Rating: High Discovery Date: May 5, 2012 Vendor Notification: May 31,...
Sitecom Home Storage Center Authorization Bypass
Exploit for php platform in category web applications Authorization Bypass Vulnerability in Password Reset Function Sitecom Home Storage Center 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability Type=...
Conceptronic Grab'n'Go Authorization Bypass
Exploit for php platform in category web applications Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability...
Conceptronic GrabnGo and Sitecom Storage Center - Password Disclosure
Conceptronic GrabnGo and Sitecom Storage Center - Password Disclosure Updated to include Sitecom MD-253 and MD254 Minor textual changes == Conceptronic Grab’n’Go and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 Severity Rating: High Discovery Date: May 5,...