1081
|
7.2 |
HIGH
Network
|
-
|
-
|
Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and ob…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8459
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1082
|
8.8 |
HIGH
Network
|
-
|
-
|
Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). An unauthenticated remote attacker can trick a user into visiting a malici…
|
-
|
CVE-2024-8458
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1083
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8457
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1084
|
9.8 |
CRITICAL
Network
-
|
-
|
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and sy…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8456
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1085
|
8.1 |
HIGH
Network
|
-
|
-
|
The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user p…
|
CWE-261
Weak Encoding for Password
|
CVE-2024-8455
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1086
|
5.3 |
MEDIUM
Network
-
|
-
|
The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote…
|
CWE-476 CWE-400
NULL Pointer Dereference Uncontrolled Resource Consumption
|
CVE-2024-8454
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1087
|
- |
|
-
|
-
|
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files …
|
CWE-328 CWE-759
Use of Weak Hash Use of a One-Way Hash without a Salt
|
CVE-2024-8453
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1088
|
- |
|
-
|
-
|
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allow…
|
CWE-29
Path Traversal: '\..\filename'
|
CVE-2024-6394
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1089
|
- |
|
-
|
-
|
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session informatio…
|
-
|
CVE-2024-45200
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1090
|
- |
|
-
|
-
|
Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. If this vulnerability is exploited, an attacker with physical access to the device may re…
|
-
|
CVE-2024-42496
|
2024-09-30 17:15 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|