TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. Date published : 2022-05-10 https://github.com/EPhaha/IOT_vuln/tree/main/TOTOLink/N600R/1
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Date published : 2022-05-10 https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/3 https://www.dlink.com/en/security-bulletin/
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Date published : 2022-05-10 https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/2 https://www.dlink.com/en/security-bulletin/
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Date published : 2022-05-10 https://github.com/EPhaha/IOT_vuln/tree/main/d-link/dir-882/1 https://www.dlink.com/en/security-bulletin/
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. Date published : 2022-05-10 https://medium.com/@honeyakshat999/hotel-management-system-sql-injection-on-login-page-a1ca87a31176 https://owasp.org/www-community/attacks/SQL_Injection
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files....
A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow...
A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to...
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3),...
A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17...
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a...
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of...
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of...
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns...