Alerts

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote...

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user,...

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report...

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file...

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.