Monthly Archive: April 2022
27/04/2022 by Fred · Published 27/04/2022
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization. Date published : 2022-04-27 https://github.com/tgp-top/D-Link-DIR-825 https://www.dlink.com/en/security-bulletin/
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. Date published : 2022-04-27 https://github.com/tgp-top/D-Link-DIR-825 https://www.dlink.com/en/security-bulletin/
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. Date published : 2022-04-27 http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. Date published : 2022-04-27 https://drive.google.com/drive/folders/1iY4QqzZLdYgwD0LYc74M4Gm2wSC6Be1u?usp=sharing
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. Date published : 2022-04-27 http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.html http://packetstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.html
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. Date published : 2022-04-27 https://drive.google.com/file/d/17y764rRfgab2EhYMEqCIYh__5sOTigqe/view?usp=sharing
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. Date published : 2022-04-27 https://drive.google.com/file/d/1ubNqP3c_AheIPgdVsF6SZuLNDu4uRDuf/view?usp=sharing
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. Date published : 2022-04-27...
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. Date published : 2022-04-27 https://www.ibm.com/support/pages/node/6574787 https://exchange.xforce.ibmcloud.com/vulnerabilities/210021
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. Date published : 2022-04-27 https://www.ibm.com/support/pages/node/6574787 https://exchange.xforce.ibmcloud.com/vulnerabilities/208756
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. Date published : 2022-04-27 https://www.ibm.com/support/pages/node/6574787 https://exchange.xforce.ibmcloud.com/vulnerabilities/208397
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. Date published : 2022-04-27 https://www.ibm.com/support/pages/node/6574787 https://exchange.xforce.ibmcloud.com/vulnerabilities/208341
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting...
Bender/ebee Charge Controllers in multiple versions are prone to command injection via the web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. Date published...