Dark C0d3rs

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

Maximum CVSS Score : 9.0

Reference: You are not allowed to view links. Register or Login to view.

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

Maximum CVSS Score : 5.4

Reference: You are not allowed to view links. Register or Login to view.

Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.

Maximum CVSS Score : 5.3

Reference: You are not allowed to view links. Register or Login to view.

Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.

Maximum CVSS Score : 7.5

Reference: You are not allowed to view links. Register or Login to view.

Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05.

Maximum CVSS Score : 7.1

Reference: You are not allowed to view links. Register or Login to view.

Memory corruption while calling the NPU driver APIs concurrently.

Maximum CVSS Score : 7.8

Reference: You are not allowed to view links. Register or Login to view.

In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.

In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184.

Maximum CVSS Score : 0.0

Reference: You are not allowed to view links. Register or Login to view.