116 matches found
Stable Diffusion web UI 安全漏洞
Stable Diffusion web UI is a web interface by the individual developer of AUTOMATIC1111. A security vulnerability exists in Stable Diffusion web UI version 1.7.0, which stems from the presence of a file write vulnerability. An attacker can exploit the vulnerability to write a json file anywhere t...
PT-2023-7332 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 version V5.21AAZF.14C0 Zyxel NAS542 version V5.21ABAG.11C0 Description: A command injection issue exists in the web server of the Zyxel NAS326 and NAS542 firmware due to the lack of neutralization of special elements used in...
Remote code execution
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...
Syncfusion ej2-filemanager-node-filesystem 路径遍历漏洞
Syncfusion ej2-filemanager-node-filesystem is an application from Syncfusion, Inc. Syncfusion ej2-filemanager-node-filesystem has a security vulnerability that stems from filesystem-server.js being vulnerable to a directory traversal attack, which can be exploited by an attacker to list any file ...
Snap One OvrC Pro 信任管理问题漏洞
Snap One OvrC is a free cloud-based remote management and monitoring platform from US-based Snap One. A trust management issue vulnerability exists in Snap One OvrC Pro prior to version 7.2 that stems from the use of hard-coded credentials, which can be exploited by an attacker to gain access to ...
PT-2023-1558 · Zyxel · Zyxel Nr7101
Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0 Description: The issue is caused by a buffer overflow vulnerability in the library of the web server. This could allow an unauthenticated attacker to execute some OS commands or cause...
VulnCheck KEV: CVE-2018-18809
TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system...
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
CVE-2022-22987 Advantech ADAM-3600
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...
IDEC PLCs
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: IDEC Equipment: PLCs Programmable Logic Controllers Vulnerabilities: Unprotected Transport of Credentials, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...
CVE-2021-20826
Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...
CVE-2021-20826
Unprotected transport of credentials vulnerability in IDEC PLCs FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier allows...
PT-2021-7786 · Schneider Electric · Evlink Parking Evf2 +4
Name of the Vulnerable Software and Affected Versions: EVlink City EVC1S22P4 / EVC1S7P4 versions prior to R8 V3.4.0.2 EVlink Parking EVW2 / EVF2 / EVP2PE versions prior to R8 V3.4.0.2 EVlink Smart Wallbox EVB1A versions prior to R8 V3.4.0.2 Description: A CWE-79 Improper Neutralization of Input...
CVE-2021-41242
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
CVE-2021-41242
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Path traversal
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
CVE-2021-41242 Path Traversal in some REST methods leading to file upload to arbitrary places
OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
PT-2020-6346 · Schneider Electric · Communication Modules +3
Name of the Vulnerable Software and Affected Versions: Modicon M340 versions affected versions not specified Modicon Quantum versions affected versions not specified Modicon Premium Legacy versions affected versions not specified Communication Modules versions affected versions not specified...
Command Execution Vulnerability in Extreme CMS of Langfang Extreme Network Technology Co.
Extreme CMS is an open source content management system. Ltd. Extreme CMS has a command execution vulnerability that can be exploited by an attacker to gain access to the web server...
Command Execution Vulnerability in Empire CMS v7.5 Backend
EmpireCMS Empire Content Management System is an open source content management system CMS. A command execution vulnerability exists in the Empire CMS v7.5 backend, which can be exploited by an attacker to gain access to the web server...