Design/Logic Flaw

The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...

Design/Logic Flaw

Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter...

Authentication flaw

Hozard alarm system Alarmsysteem v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number...

Default credentials

A default engineer password set on the Hozard alarm system Alarmsysteem v1.0 allows an attacker to bring the alarm system to a disarmed state...

Sql injection

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cmstemplate.php. The manipulation of the argument tname/tpath leads to sql injection. The attack may be initiated remotely. The exploit has...

Cross site scripting

A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the publi...

Cross site scripting

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument resid leads to cross site scripting. The attack may be launched remotely. The...

Cross site scripting

A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

Design/Logic Flaw

Nginx-UI is an online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using DefaultQuery, the "desc" and "id" values are used as default values if the query parameters are not set. Thu...

Information disclosure

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't...

Design/Logic Flaw

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's TOTP inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks...

Design/Logic Flaw

A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=resetadminpsw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the publ...

Cross site scripting

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /newitem of the component New Item Creation Page. The manipulation of the argument newitem leads to cross sit...

Race condition

An issue was discovered in the Linux kernel before 6.6.8. roseioctl in net/rose/afrose.c has a use-after-free because of a roseaccept race condition...

Design/Logic Flaw

A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the...

Race condition

An issue was discovered in the Linux kernel before 6.6.8. atalkioctl in net/appletalk/ddp.c has a use-after-free because of an atalkrecvmsg race condition...

Race condition

An issue was discovered in the Linux kernel before 6.6.8. dovccioctl in net/atm/ioctl.c has a use-after-free because of a vccrecvmsg race condition...

Improper access control

A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack ca...

Path traversal

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack...

Cross site scripting

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

Design/Logic Flaw

A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has be...

Information disclosure

Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd,...

Path traversal

A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument memberinfo leads to path traversal: '../filedir'. It is possible to initiate the attack...

Improper access control

A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the publ...

Heap overflow

In exiftags 1.01, nikonprop1 in nikon.c has a heap-based buffer overflow write of size 28 because snprintf can write to an unexpected address...

Improper access control

A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely...

Improper access control

A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

Improper access control

A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely...

Command injection

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell...

Denial of service

A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler SEH records resulting in a service shutdown...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function...

Design/Logic Flaw

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...

Design/Logic Flaw

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...

Design/Logic Flaw

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function...

Cross site scripting

The application is vulnerable to Stored Cross-Site Scripting XSS in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious...

Cross site scripting

The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

Cross site request forgery (csrf)

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

Cross site request forgery (csrf)

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 for Pro & 2.2.7 for Free. This is due to missing or incorrect nonce validation on the evoeventpostupdatemeta function. This makes it...

Information disclosure

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...

Design/Logic Flaw

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

Design/Logic Flaw

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...

Code injection

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Code injection

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Code injection

In ScaleFusion Windows Desktop App agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...

Cross site scripting

A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the...