551 | Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the e… | CWE-306 Missing Authentication for Critical Function | CVE-2024-39364 | 2024-09-30 21:45 | 2024-09-28
552 | Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an … | - | CVE-2024-39275 | 2024-09-30 21:45 | 2024-09-28
553 | Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP… | CWE-79 Cross-site Scripting | CVE-2024-38308 | 2024-09-30 21:45 | 2024-09-28
554 | Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of Base64 encoding. | CWE-261 Weak Encoding for Password | CVE-2024-37187 | 2024-09-30 21:45 | 2024-09-28
555 | Advantech ADAM-5630 shares user credentials in plain text between the device and the user source device during the login process. | CWE-261 Weak Encoding for Password | CVE-2024-34542 | 2024-09-30 21:45 | 2024-09-28
556 | Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites fro… | CWE-352 Origin Validation Error | CVE-2024-28948 | 2024-09-30 21:45 | 2024-09-28
557 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. | - | CVE-2024-25412 | 2024-09-30 21:45 | 2024-09-28
558 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. | - | CVE-2024-25411 | 2024-09-30 21:45 | 2024-09-28
559 | A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The ma… | CWE-121 Stack-based Buffer Overflow | CVE-2024-9284 | 2024-09-30 21:45 | 2024-09-28
560 | Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | CWE-89 SQL Injection | CVE-2024-8630 | 2024-09-30 21:45 | 2024-09-28