Show filters
121 Total Results
Displaying 11-20 of 121
Sort by:
Attacker Value
Unknown
CVE-2024-8454
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
0
Attacker Value
Unknown
CVE-2024-8453
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
0
Attacker Value
Unknown
CVE-2024-8452
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.
0
Attacker Value
Unknown
CVE-2024-8451
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.
0
Attacker Value
Unknown
CVE-2024-8450
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges.
0
Attacker Value
Unknown
CVE-2024-8449
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password.
0
Attacker Value
Unknown
CVE-2024-8448
Disclosure Date: September 30, 2024 (last updated October 05, 2024)
Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and obtain a Linux root shell.
0
Attacker Value
Unknown
CVE-2024-43201
Disclosure Date: September 23, 2024 (last updated October 01, 2024)
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information.
0
Attacker Value
Unknown
CVE-2024-0979
Disclosure Date: June 13, 2024 (last updated July 03, 2024)
The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2024-2742
Disclosure Date: April 11, 2024 (last updated April 11, 2024)
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality.
0