The identifier VDB-224241 was assigned to this vulnerability. The exploit has been disclosed to the public and may be used. It is possible to initiate the attack remotely. The manipulation leads to unrestricted upload. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725. A vulnerability was found in HadSky 7.7.16. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device. Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. This issue is also tracked as `GHSL-2023-049`. A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions ` fields in the AST.