
Explore Vulnerabilities


Explore all Exploits:

MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 – Information Disclosure

MyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

Heatmiser Netmonitor 3.03 – Hardcoded Credentials

A hard-coded credentials vulnerability has been discovered in Heatmiser Netmonitor v3.03. The hidFrm form in the page source exposes hidden input fields to anonymous users. The information is contained in the lognm and logpd input fields of the hidFrm form.

AVE DOMINAplus 1.10.x – Authentication Bypass

AVE DOMINAplus version 1.10.x is vulnerable to an authentication bypass. This vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access to the system. The affected versions include Web Server Code 53AB-WBS - 1.10.62, Touch Screen Code TS01 - 1.0.65, Touch Screen Code TS03x-V | TS04X-V - 1.10.45a, and Touch Screen Code TS05 - 1.10.36. The exploit can be used on various models and versions of the AVE DOMINAplus system.

XEROX WorkCentre 7830 Printer – Cross-Site Request Forgery (Add Admin)

A CSRF vulnerability was discovered in the Xerox WorkCentre® 7830 printer. WorkCentre® 7830 printers allow CSRF: a request to add users is made in the Device User Database form field and sent to the xerox.set URI. The request is captured by the proxy, and a CSRF PoC HTML file is prepared. (The frmUserName value must have a unique name.)

XEROX WorkCentre 7855 Printer – Cross-Site Request Forgery (Add Admin)

A CSRF vulnerability was discovered in the Xerox WorkCentre® 7855 printer. WorkCentre® 7855 printers allow CSRF: a request to add users is made in the Device User Database form field and sent to the xerox.set URI. The request is captured by the proxy, and a CSRF PoC HTML file is prepared. (The frmUserName value must have a unique name.)

XEROX WorkCentre 6655 Printer – Cross-Site Request Forgery (Add Admin)

A CSRF vulnerability was discovered in the Xerox WorkCentre® 6655 printer. Xerox WorkCentre® 6655 printers allow CSRF: a request to add users is made in the Device User Database form field and sent to the xerox.set URI. The request is captured by the proxy, and a CSRF PoC HTML file is prepared. (The frmUserName value must have a unique name.)

FTP Navigator 8.03 – Stack Overflow (SEH)

This exploit targets a stack overflow vulnerability in FTP Navigator 8.03. By sending a specially crafted payload, an attacker can trigger a stack overflow condition, potentially leading to remote code execution.

HomeAutomation 3.3.2 – Remote Code Execution

The HomeAutomation application version 3.3.2 is vulnerable to remote code execution. This can be exploited by an attacker with authenticated access to the application and the ability to perform a CSRF attack. The vulnerability exists in the 'customcommand.plugin.php' file, where unsanitized user input is passed to the 'exec()' function, allowing arbitrary shell commands to be executed as the web user.

HomeAutomation 3.3.2 – Cross-Site Request Forgery (Add Admin)

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Recent Exploits: