The R Radio FM Transmitter version 1.07 is vulnerable to an improper access control issue that allows unauthenticated users to access the system.cgi endpoint and reveal the plaintext password of the admin user, facilitating authentication bypass and unauthorized access to FM station setup.
Electrolink FM/DAB/TV Transmitter devices with web version 01.09, 01.08, 01.07, display version 1.4, 1.2, control unit version 01.06, 01.04, 01.03, and firmware version 2.1 are vulnerable to a pre-authentication MPFS image remote code execution. An attacker could exploit this vulnerability to execute arbitrary code on the affected system.
The Electrolink FM/DAB/TV Transmitter devices are prone to an authentication bypass vulnerability. This issue allows remote attackers to access the devices without proper authentication, potentially leading to unauthorized control or access to sensitive information. This vulnerability has been assigned CVE-XXXXX.
The R Radio Network FM Transmitter 1.07 system.cgi endpoint has an improper access control issue that allows unauthenticated users to access and view the clear-text password of the admin user, enabling them to bypass authentication and access FM station setup.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
The pagetool-1.07 version is vulnerable to a remote SQL injection. This can be exploited by an attacker by sending a specially crafted request to the index.php file with a malicious payload in the 'name' parameter. This allows the attacker to retrieve sensitive information from the database.
The Halo Game Server is prone to a denial-of-service condition. The issue arises when malformed data is sent to the game server, causing it to enter an infinite loop.
It has been reported that the Digital Reality Game engine is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to validate packet data size input supplied by a client. The immediate consequences of a successful attack will cause the affected server to crash. It has been conjectured that this issue may also be leveraged to execute arbitrary code in the context of the affected application, however this has not been verified.
BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server. Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.
Services By CQR