1411
|
- |
|
-
|
-
|
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38308
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1412
|
- |
|
-
|
-
|
Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of Base64 encoding.
|
CWE-261
Weak Encoding for Password
|
CVE-2024-37187
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1413
|
- |
|
-
|
-
|
Advantech ADAM-5630 shares user credentials in plain text between the device and the user source device during the login process.
|
CWE-261
Weak Encoding for Password
|
CVE-2024-34542
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1414
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
|
-
|
CVE-2024-25412
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1415
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php.
|
-
|
CVE-2024-25411
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1416
|
- |
|
-
|
-
|
A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The ma…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2024-9284
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1417
|
- |
|
-
|
-
|
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
|
CWE-89
SQL Injection
|
CVE-2024-8630
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1418
|
- |
|
-
|
-
|
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8310
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1419
|
- |
|
-
|
-
|
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-6981
|
2024-09-30 21:45 |
2024-09-28 |
|
|
1420
|
- |
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. T…
|
-
|
CVE-2024-46367
|
2024-09-30 21:45 |
2024-09-28 |
|
|