| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number. |
| PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301 |
| insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. |
| IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014. |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. |
| D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. |
| Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. |
| png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file. |
| Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. |
| RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. |
| PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. |
| Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. |
| LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. |
| Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the vendor |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. |
| Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php. |
