Security
Headlines
HeadlinesLatestCVEs

Tag

#wifi

Is It Possible to Delete Yourself From the Internet Altogether?

By Owais Sultan Believe it or not, the internet is now over half a century old. Of course, it has really… This is a post from HackRead.com Read the original post: Is It Possible to Delete Yourself From the Internet Altogether?

HackRead
Open in Source
#web#google#git#wifi
CVE-2023-4257: Unchecked user input length in the Zephyr WiFi shell module

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.

CVE-2023-45391: GRANDING UTime Master - Stored XSS

A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.

CVE-2023-45393: GRANDING UTime Master - IDOR

An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.

CVE-2023-31192: 2023/06/30: SE202301: Security Advisory: CVE-2023-27395 etc: Fixed 6 vulnerabilities of SoftEther VPN in cooperation with Cisco Systems, Inc.

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE-2023-34356: TALOS-2023-1778 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-27380: TALOS-2023-1780 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-28381: TALOS-2023-1779 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-35193: TALOS-2023-1782 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.

CVE-2023-34354: TALOS-2023-1781 || Cisco Talos Intelligence Group

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.