The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-40039 | An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. | -- | Sep 11, 2023 |
| CVE-2019-20048 | An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM. | HIGH | Jan 7, 2020 |
| CVE-2019-20049 | An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages(). | HIGH | Jan 7, 2020 |
| CVE-2019-20047 | An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>. | MEDIUM | Jan 7, 2020 |
| CVE-2018-10252 | An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network. | MEDIUM | May 14, 2018 |
| CVE-2019-12789 | An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device. | HIGH | Jun 20, 2019 |
| CVE-2020-25784 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling. | HIGH | Jan 28, 2021 |
| CVE-2020-25785 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure. | HIGH | Jan 28, 2021 |
| CVE-2020-25783 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling. | HIGH | Jan 28, 2021 |
| CVE-2020-25782 | An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling. | HIGH | Jan 28, 2021 |
| CVE-2017-8792 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | MEDIUM | May 5, 2017 |
| CVE-2017-8795 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. | MEDIUM | May 5, 2017 |
| CVE-2017-8760 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. | MEDIUM | May 5, 2017 |
| CVE-2017-8791 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | MEDIUM | May 5, 2017 |
| CVE-2017-8788 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | MEDIUM | May 5, 2017 |
| CVE-2017-8790 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter filter can be used for LDAP Injection. | HIGH | May 5, 2017 |
| CVE-2017-8303 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | HIGH | Oct 3, 2019 |
| CVE-2017-8304 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | MEDIUM | May 5, 2017 |
| CVE-2017-8793 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. | MEDIUM | May 5, 2017 |
| CVE-2017-8796 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | HIGH | May 5, 2017 |
| CVE-2017-8794 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. | MEDIUM | May 5, 2017 |
| CVE-2017-8789 | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | HIGH | May 5, 2017 |
| CVE-2019-9862 | An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because \"encrypted signal transmission\" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). | -- | Mar 29, 2019 |
| CVE-2019-14261 | An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a \"reactive jamming\" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. | MEDIUM | Sep 5, 2019 |
| CVE-2021-33822 | An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | MEDIUM | Jun 18, 2021 |
| CVE-2023-34611 | An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | -- | Jun 14, 2023 |
| CVE-2020-35561 | An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports. | MEDIUM | Feb 19, 2021 |
| CVE-2023-34623 | An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | -- | Jun 14, 2023 |
| CVE-2023-34615 | An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | -- | Jun 14, 2023 |
| CVE-2023-34610 | An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | -- | Jun 14, 2023 |
| CVE-2023-34614 | An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | -- | Jun 14, 2023 |
| CVE-2023-35110 | An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | -- | Jun 14, 2023 |
| CVE-2021-46310 | An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. | -- | Aug 22, 2023 |
| CVE-2021-46312 | An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. | -- | Aug 22, 2023 |
| CVE-2020-29368 | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | MEDIUM | Nov 28, 2020 |
| CVE-2018-20127 | An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra \'.\' character, because (for example) php is blocked but path=F:/1.phP. succeeds. | MEDIUM | Dec 13, 2018 |
| CVE-2019-9041 | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function\'s filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | MEDIUM | Mar 20, 2019 |
| CVE-2018-16548 | An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack. | MEDIUM | Sep 5, 2018 |
| CVE-2018-7727 | An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. | MEDIUM | Mar 6, 2018 |
| CVE-2018-7726 | An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | MEDIUM | Mar 6, 2018 |
| CVE-2018-7725 | An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. | MEDIUM | Mar 6, 2018 |
| CVE-2020-35973 | An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. | LOW | Jun 4, 2021 |
| CVE-2018-17798 | An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | MEDIUM | Sep 30, 2018 |
| CVE-2018-17797 | An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. | MEDIUM | Sep 30, 2018 |
| CVE-2018-18789 | An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. | HIGH | Oct 29, 2018 |
| CVE-2018-18792 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. | HIGH | Oct 29, 2018 |
| CVE-2018-18787 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | HIGH | Oct 29, 2018 |
| CVE-2018-18785 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | HIGH | Oct 29, 2018 |
| CVE-2018-18791 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. | HIGH | Oct 29, 2018 |
| CVE-2018-18786 | An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. | HIGH | Oct 29, 2018 |
