2281
|
8.0 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-29125
|
2024-11-9 01:10 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2282
|
8.8 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
|
NVD-CWE-Other
|
CVE-2023-29121
|
2024-11-9 01:09 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2283
|
8.8 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
|
CWE-78
OS Command
|
CVE-2023-29120
|
2024-11-9 01:09 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2284
|
8.8 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.
|
CWE-89
SQL Injection
|
CVE-2023-29119
|
2024-11-9 01:09 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2285
|
8.8 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
|
CWE-89
SQL Injection
|
CVE-2023-29118
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2286
|
8.8 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
|
CWE-287
Improper Authentication
|
CVE-2023-29117
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2287
|
4.3 |
MEDIUM
Adjacent
|
enelx
|
waybox_pro_firmware
|
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
|
NVD-CWE-noinfo
|
CVE-2023-29116
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2288
|
6.5 |
MEDIUM
Adjacent
|
enelx
|
waybox_pro_firmware
|
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
|
NVD-CWE-noinfo
|
CVE-2023-29115
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2289
|
5.4 |
MEDIUM
Network
|
xplodedthemes
|
xt_floating_cart_for_woocommerce
|
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9178
|
2024-11-9 01:03 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2290
|
5.4 |
MEDIUM
Network
|
bdthemes
|
element_pack
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget'…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9867
|
2024-11-9 01:00 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|