1911
|
- |
|
-
|
-
|
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized a…
|
-
|
CVE-2024-44765
|
2024-11-12 09:15 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1912
|
- |
|
-
|
-
|
Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing fo…
|
-
|
CVE-2024-40117
|
2024-11-12 08:15 |
2024-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1913
|
- |
|
-
|
-
|
An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for S…
|
-
|
CVE-2024-40116
|
2024-11-12 08:15 |
2024-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1914
|
5.4 |
MEDIUM
Network
|
solar-log
|
2000_pm\+_firmware
|
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting …
|
CWE-79
Cross-site Scripting
|
CVE-2023-46344
|
2024-11-12 08:15 |
2024-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1915
|
9.8 |
CRITICAL
Network
solar-log
|
solar-log_250_firmware solar-log_300_firmware solar-log_500_firmware solar-log_800e_firmware solar-log_1000_firmware solar-log_1000_pm\+_firmware solar-log_1200_firmware solar-lo…
|
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up…
|
NVD-CWE-noinfo
|
CVE-2022-47767
|
2024-11-12 08:15 |
2023-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1916
|
6.5 |
MEDIUM
Network
|
bkw
|
solar-log_500_firmware
|
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read b…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2021-34544
|
2024-11-12 08:15 |
2021-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1917
|
7.5 |
HIGH
Network
bkw
|
solar-log_500_firmware
|
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-34543
|
2024-11-12 08:15 |
2021-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1918
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9542. Reason: This candidate is a reservation duplicate of CVE-2024-9542. Notes: All CVE users should reference CV…
|
-
|
CVE-2024-10694
|
2024-11-12 06:15 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1919
|
- |
|
-
|
-
|
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin da…
|
-
|
CVE-2024-39926
|
2024-11-12 06:15 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1920
|
- |
|
-
|
-
|
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated w…
|
-
|
CVE-2024-39925
|
2024-11-12 06:15 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|