For individuals

A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the...

A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970.

The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use...

A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The...

A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation of the argument ID leads to sql...

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of...

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a...

The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.

A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to...