A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or mod
ProGauge MAGLINK LX CONSOLE does not sufficiently filter input fields that are used to render pages, which may allow cross-site scripting.
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the we
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanit
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously cr
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gai
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input i
A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trig
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibitin
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input int
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input in
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input inje
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious inpu