Monthly Archive: July 2020

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects...

rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500,...

A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310,...

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500,...

webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510,...

An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310,...

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file. Date published : 2020-07-28 https://github.com/concrete5/concrete5/pull/8713 https://github.com/concrete5/concrete5/releases/tag/8.5.3

NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. Date published : 2020-07-28 https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2020-0038/

Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. Date published : 2020-07-28 https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2020-0035/

Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. Date published : 2020-07-28 https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2020-0031/

Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. Date published : 2020-07-28 https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2020-0034/

Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. Date published : 2020-07-28 https://herolab.usd.de/security-advisories/ https://herolab.usd.de/security-advisories/usd-2020-0033/

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs....

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string...