Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6614 | 1 Typecho | 1 Typecho | 2024-11-21 | 2.7 Low |
| A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-4467 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2024-11-21 | 6.2 Medium |
| A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. | ||||
| CVE-2023-42134 | 1 Paxtechnology | 3 A50, A920 Pro, Paydroid | 2024-11-21 | 6.8 Medium |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||
| CVE-2023-40158 | 1 Cbc | 56 Dr-16f, Dr-16f42a, Dr-16f42a Firmware and 53 more | 2024-11-21 | 8.8 High |
| Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | ||||
| CVE-2022-3203 | 1 Oringnet | 4 Iap-420, Iap-420\+, Iap-420\+ Firmware and 1 more | 2024-11-21 | 9.8 Critical |
| On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot. | ||||
| CVE-2022-36429 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2024-11-21 | 7.2 High |
| A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | ||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2024-11-21 | 6.8 Medium |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | ||||
| CVE-2021-4229 | 1 Ua-parser-js Project | 1 Ua-parser-js | 2024-11-21 | 5 Medium |
| A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2021-43987 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.8 Critical |
| An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | ||||
| CVE-2021-24867 | 1 Accesspressthemes | 93 Accessbuddy, Accesspress Anonymous Post, Accesspress Basic and 90 more | 2024-11-21 | 9.8 Critical |
| Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion | ||||
| CVE-2020-3352 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 5.5 Medium |
| A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands. The vulnerability is due to the presence of undocumented configuration commands. An attacker could exploit this vulnerability by performing specific steps that make the hidden commands accessible. A successful exploit could allow the attacker to make configuration changes to various sections of an affected device that should not be exposed to CLI access. | ||||
| CVE-2020-28593 | 1 Cosori | 2 Cs158-af, Cs158-af Firmware | 2024-11-21 | 8.1 High |
| A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-16204 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2024-11-21 | 9.8 Critical |
| The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). | ||||
| CVE-2020-14487 | 1 Freemedsoftware | 1 Openclinic Ga | 2024-11-21 | 9.4 Critical |
| OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands. | ||||
| CVE-2020-12504 | 3 Korenix, Pepperl-fuchs, Westermo | 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more | 2024-11-21 | 9.8 Critical |
| Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | ||||
| CVE-2018-17919 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | N/A |
| All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | ||||
| CVE-2017-20084 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20083 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20082 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2024-11-21 | 5.5 Medium |
| A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-47001 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2024-09-20 | 8.8 High |
| Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||