Show filters
13,173 Total Results
Displaying 851-860 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2024-22241
Disclosure Date: February 06, 2024 (last updated February 10, 2024)
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.
0
Attacker Value
Unknown
CVE-2024-22240
Disclosure Date: February 06, 2024 (last updated February 10, 2024)
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.
0
Attacker Value
Unknown
CVE-2024-22238
Disclosure Date: February 06, 2024 (last updated February 10, 2024)
Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.
0
Attacker Value
Unknown
CVE-2024-1254
Disclosure Date: February 06, 2024 (last updated April 09, 2024)
A vulnerability, which was classified as critical, was found in Byzoro Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown
CVE-2024-1253
Disclosure Date: February 06, 2024 (last updated April 09, 2024)
A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown
CVE-2023-47618
Disclosure Date: February 06, 2024 (last updated February 09, 2024)
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-47617
Disclosure Date: February 06, 2024 (last updated February 09, 2024)
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-47209
Disclosure Date: February 06, 2024 (last updated February 09, 2024)
A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-47167
Disclosure Date: February 06, 2024 (last updated February 09, 2024)
A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-46683
Disclosure Date: February 06, 2024 (last updated February 09, 2024)
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.
0