1561 | 8.1 | HIGH Network | unisoon | ultralog_express_firmware | UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through speci… | CWE-306 Missing Authentication for Critical Function | CVE-2020-3920 | 2024-09-17 12:15 | 2020-03-27
1562 | 6.1 | MEDIUM Network | blackberry | unified_endpoint_manager | In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected … | CWE-79 Cross-site Scripting | CVE-2017-17442 | 2024-09-17 12:15 | 2018-03-14
1563 | - | | - | - | An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. | - | CVE-2024-44623 | 2024-09-17 11:35 | 2024-09-17
1564 | - | | - | - | Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. | - | CVE-2024-8039 | 2024-09-17 11:35 | 2024-09-14
1565 | 9.8 | CRITICAL Network | cuppacms | cuppacms | SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | CWE-89 SQL Injection | CVE-2023-47990 | 2024-09-17 11:35 | 2023-12-21
1566 | 9.8 | CRITICAL Network | ivanti | avalanche | An unauthenticated attacker could abuse an XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | CWE-611 XXE | CVE-2023-46265 | 2024-09-17 11:35 | 2023-12-20
1567 | 9.8 | CRITICAL Network | ivanti | avalanche | An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | CWE-787 Out-of-bounds Write | CVE-2023-46224 | 2024-09-17 11:35 | 2023-12-20
1568 | 8.8 | HIGH Network | thingnario | photon | An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage"… | NVD-CWE-noinfo | CVE-2023-46055 | 2024-09-17 11:35 | 2023-10-21
1569 | 7.5 | HIGH Network | imagely | nextgen_gallery | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to acc… | - | CVE-2023-3154 | 2024-09-17 11:35 | 2023-10-17
1570 | 8.8 | HIGH Network | southrivertech | titan_mft_server titan_sftp_server | A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an admin… | CWE-384 Session Fixation | CVE-2023-45687 | 2024-09-17 11:35 | 2023-10-17