12 matches found
EUVD-2020-7423
Malware in sbrugna...
EUVD-2020-5864
Malware in sbrugna...
EUVD-2022-39484
Malicious code in bioql PyPI...
CVE-2020-15427
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...
Cross site scripting
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
The vulnerability of microprogramming software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, arises from the use of rigidly encrypted account data. This allows a intruder to gain unauthorized access to protected information and compromise its integrity.
The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, such as PHOENIX CONTACT WP 6xxx, is related to the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...
PHOENIX CONTACTs WP 6xxx series web panels Security Vulnerability
PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. A security vulnerability in PHOENIX CONTACTs WP 6xxx series web panels prior to version 4.0.10 exists in the web panels where a remote attacker with SNMPv2 write privileges may be able to use a...
PHOENIX CONTACTs WP 6xxx series web panels Operating System Command Injection Vulnerability
PHOENIX CONTACTs WP 6xxx series web panels are a series of web panels from PHOENIX CONTACTs, Germany. An operating system command injection vulnerability exists in PHOENIX CONTACTs WP 6xxx series web panels versions prior to 4.0.10, which originates from a low-privileged remote attacker who may b...
The vulnerability of the Trace View web instrumentation panel in Grafana allows attackers to escalate their privileges and perform cross-site scripting attacks.
The vulnerability of the Trace View web instrumentation panel in Grafana relates to insufficient protection of the web page structure when processing values of attributes and resources within a range. Exploiting this vulnerability allows an attacker to enhance their privileges and perform...
CVE-2022-36784 Elsight – Elsight Halo Remote Code Execution (RCE)
Elsight – Elsight Halo Remote Code Execution RCE Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution...
Evenroute IQrouter Log Message Disclosure Vulnerability
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the Web panel in Evenroute IQrouter 3.3.1 and earlier versions, which stems from incorrect access control. A remote attacker could exploit the vulnerability to read system logs...
Airtame HDMI dongle session fixation vulnerability
The AIRTAME HDMI dongle is a wireless access point product for connecting, sharing and split-screen TVs or monitors. A security vulnerability exists in the /bin/login.php file of the Web Panel in the Airtame HDMI dongle using firmware versions prior to 3.0. The vulnerability can be exploited by a...