| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 271 | 7.5 | HIGH | Network | hongdian | h8951-4g-esp_firmware | The "tokenKey" value used in user authorization is visible in the HTML source of the login page. | NVD-CWE-noinfo | CVE-2023-49261 | 2024-10-11 01:15 | 2024-01-13 |
| 272 | 7.5 | HIGH | Network | hongdian | h8951-4g-esp_firmware | The authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the up-time, and can be guessed in a reasonable time. | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2023-49259 | 2024-10-11 01:15 | 2024-01-13 |
| 273 | 8.8 | HIGH | Network | hongdian | h8951-4g-esp_firmware | An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with root user privileges. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-49257 | 2024-10-11 01:15 | 2024-01-13 |
| 274 | 7.5 | HIGH | Network | hongdian | h8951-4g-esp_firmware | It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key. | CWE-798 Use of Hard-coded Credentials | CVE-2023-49256 | 2024-10-11 01:15 | 2024-01-13 |
| 275 | 5.4 | MEDIUM | Network | verot | class.upload.php | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2023-6551 | 2024-10-11 01:15 | 2024-01-05 |
| 276 | 7.7 | HIGH | Local | coolkit | ewelink | Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. | NVD-CWE-noinfo | CVE-2023-6998 | 2024-10-11 01:15 | 2023-12-31 |
| 277 | 9.8 | CRITICAL | Network | apereo | central_authentication_service | Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7… | CWE-287 Improper Authentication | CVE-2023-4612 | 2024-10-11 01:15 | 2023-11-09 |
| 278 | 7.5 | HIGH | Network | daurnimator | lua-http | Improper Handling of Exceptional Conditions vulnerability in the Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted… | CWE-755 Improper Handling of Exceptional Conditions | CVE-2023-4540 | 2024-10-11 01:15 | 2023-09-05 |
| 279 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault(). When iommu_report_device_fault gets called with a partial fault it is s… | NVD-CWE-noinfo | CVE-2024-44994 | 2024-10-11 00:59 | 2024-09-05 |
| 280 | 8.8 | HIGH | Network | photoboxone | smtp_mail | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20. | - | CVE-2024-25914 | 2024-10-11 00:57 | 2024-02-13 |