Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-27380: TALOS-2023-1780 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE
Open in Source
#vulnerability#web#cisco#intel#perl#auth#wifi
CVE-2023-28381: TALOS-2023-1779 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-35193: TALOS-2023-1782 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.

CVE-2023-34354: TALOS-2023-1781 || Cisco Talos Intelligence Group

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-4957: Authentication Bypass Zebra Ztc | INCIBE-CERT

A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.

CVE-2023-45396: Vulns/(IDOR) leads to events profiles access - Elenos.md at main · strik3r0x1/Vulns

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.

CVE-2023-37538: Knowledge Article View HCL - Customer Support

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

CVE-2023-44107

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-5521

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

CVE-2023-5520

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.