Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-3766 |
A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Affected by this issue is some unknown functionality of the file /admin-api/upload_image of the component Image File Upload. The manipulation of the argument file leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260606 is the identifier assigned to this vulnerability. Published: April 14, 2024; 8:15:14 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29844 |
Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. Published: April 14, 2024; 8:15:14 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29843 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels Published: April 14, 2024; 8:15:14 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29842 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user Published: April 14, 2024; 8:15:14 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29841 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user Published: April 14, 2024; 8:15:13 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29840 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user Published: April 14, 2024; 8:15:13 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29839 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user Published: April 14, 2024; 8:15:13 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29838 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software Published: April 14, 2024; 8:15:13 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29837 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in. Published: April 14, 2024; 8:15:13 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29836 |
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site. Published: April 14, 2024; 8:15:12 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3765 |
A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerability is an unknown functionality of the component Sofia Service. The manipulation with the input ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: April 14, 2024; 7:15:46 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3764 |
** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. Published: April 14, 2024; 7:15:46 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3763 |
A vulnerability was found in Emlog Pro 2.2.10. It has been rated as problematic. This issue affects some unknown processing of the file /admin/tag.php of the component Post Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: April 14, 2024; 7:15:46 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3762 |
A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: April 14, 2024; 6:15:58 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24863 |
In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset. Published: April 14, 2024; 9:15:49 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-24862 |
In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a failed memory allocation by the function devm_kzalloc. Hence, a null pointer check needs to be added to prevent null pointer dereferencing later in the code. To fix this issue, spi_bus->spi_int[iter] should be checked. The memory allocated by devm_kzalloc will be automatically released, so just directly return -ENOMEM without worrying about memory leaks. Published: April 14, 2024; 9:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3740 |
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579. Published: April 13, 2024; 5:15:48 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3739 |
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. Published: April 13, 2024; 3:15:53 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3738 |
A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability. Published: April 13, 2024; 2:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3737 |
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576. Published: April 13, 2024; 1:15:50 PM -0400 |
V3.x:(not available) V2.0:(not available) |