5 matches found
CVE-2024-56529
CVE-2024-56529 concerns Mailcow’s web panel up to version 2024-11b, where a session fixation flaw allows an attacker to set a session ID when a victim’s browser has HSTS disabled. After user authentication, the attacker can reuse the same session ID to access the victim’s web panel. Root cause: o...
PT-2024-23294 · Unknown · Nextcloudpi
Name of the Vulnerable Software and Affected Versions: NextcloudPi versions prior to 1.53.1. Description: A command injection issue in NextcloudPi allows command execution as the root user via the NextcloudPi web-panel. This can be exploited by anyone with access to the web-panel, as no...
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
Vendor: TELSAT Srl; Product web page: https://www.markoni.it; Affected version: Markoni-D Compact FM Transmitters, Markoni-DH Exciter+Amplifiers FM Transmitters, Markoni-A Analogue Modulator FM Transmitters; Firmware: 1.9.5, 1.9.3, 1.5.9, 1.4.6, 1.3.9...
CVE-2020-7983
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks...
CVE-2019-19964
CVE-2019-19964 affects NETGEAR GS728TPS devices up to version 5.3.0.35. A remote attacker with network access to the web administration panel can bypass authentication and access part of the web panel. Connected sources confirm the affected device and vulnerability class; exploitation status and ...