The VIMESA VHF/FM Transmitter Blue Plus 9.7.1 is vulnerable to denial of service (DoS). By sending a single unauthenticated HTTP GET request to the unprotected 'doreboot' endpoint, an attacker can reboot the transmitter and thereby interrupt its operation.
Blood Bank v1.0 fails to validate the 'hemail' and 'hpassword' parameters handled by /hospitalLogin.php. An attacker can inject SQL through either parameter, bypass authentication, and gain unauthorized access to the database.
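The login pattern behind the advisory above, as an added illustration (this is constructed code, not the Blood Bank application's): the same check written with string concatenation, which a quote in 'hemail' turns into an authentication bypass, and with bound parameters, which compare the payload literally. The parameter names come from the advisory; the table, column names and the sample account are assumptions.

```python
"""Constructed SQL-injection demo over an in-memory SQLite table.

Not the Blood Bank source; the table name 'hospital' and the sample
account are assumptions used only to make the example runnable.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed fixture: one hospital account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hospital (hemail TEXT, hpassword TEXT)")
    conn.execute(
        "INSERT INTO hospital VALUES ('admin@hospital.test', 'S3cret!')"
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, hemail: str, hpassword: str) -> bool:
    # User input is spliced into the SQL text, so a quote in either field
    # changes the structure of the statement instead of being data.
    query = (
        "SELECT 1 FROM hospital WHERE hemail = '%s' AND hpassword = '%s'"
        % (hemail, hpassword)
    )
    return conn.execute(query).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, hemail: str, hpassword: str) -> bool:
    # Bound parameters: values travel separately from the statement, so the
    # payload is compared as a literal string and never matches a row.
    query = "SELECT 1 FROM hospital WHERE hemail = ? AND hpassword = ?"
    return conn.execute(query, (hemail, hpassword)).fetchone() is not None


# Classic bypass payload: closes the string, ORs in a tautology and
# comments out the password comparison that follows.
BYPASS = "' OR '1'='1' -- "


if __name__ == "__main__":
    db = make_db()
    # Vulnerable query becomes:
    #   ... WHERE hemail = '' OR '1'='1' -- ' AND hpassword = 'wrong'
    print("vulnerable:", login_vulnerable(db, BYPASS, "wrong"))  # True
    print("fixed:     ", login_fixed(db, BYPASS, "wrong"))       # False
```

The fix is the bound-parameter query; validating the e-mail format on top of it is reasonable, but it is not what stops the injection.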
SnipeIT version 6.2.1 is vulnerable to stored cross-site scripting (XSS) in the location endpoint: a value submitted there is stored and later rendered without escaping, so JavaScript supplied by the attacker executes in the browser of any user who views it.
The exploit targets Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, and several other firmware versions. An authenticated attacker could exploit the improper input validation flaws in some CLI commands to cause a buffer overflow or system crash with a crafted payload.
The TEM Opera Plus FM Family Transmitter 35.45 devices are vulnerable to Cross-Site Request Forgery (CSRF). An attacker who tricks a logged-in user into visiting a malicious website can have that site issue requests in the user's authenticated session, so the resulting actions are performed with the user's administrative privileges.
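The defence the advisory above implies is absent, as an added example (constructed code, not the transmitter's firmware): a per-session synchroniser token checked with a constant-time comparison, plus an Origin header check as defence in depth. The request dictionaries, the in-memory session store and the device host name are assumptions.

```python
"""Constructed CSRF check for a state-changing request.

Not the TEM firmware; the request shape, the session store and
TRUSTED_HOST are assumptions used to make the example runnable.
"""
import hmac
import secrets

TRUSTED_HOST = "transmitter.example"  # assumed device host name

# Assumed server-side session store: session id -> CSRF token.
_sessions: dict[str, str] = {}


def new_session() -> tuple[str, str]:
    # The token is random per session and only ever delivered inside the
    # device's own pages, so a third-party site cannot read it.
    sid = secrets.token_hex(16)
    _sessions[sid] = secrets.token_hex(32)
    return sid, _sessions[sid]


def is_request_allowed(request: dict) -> bool:
    """Return True only for a POST that proves it came from our own pages."""
    if request.get("method") != "POST":
        return False  # state changes must not be reachable via GET at all
    token = _sessions.get(request.get("cookie_session", ""))
    if token is None:
        return False  # no valid session: not logged in
    # The browser sets Origin itself; page script on evil.example cannot
    # forge it, so a mismatch is a reliable reject.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != "https://" + TRUSTED_HOST:
        return False
    supplied = request.get("form", {}).get("csrf_token", "")
    # Constant-time comparison so the check cannot leak the token.
    return hmac.compare_digest(supplied, token)


if __name__ == "__main__":
    sid, tok = new_session()
    # A forged request carries the victim's cookie (the browser attaches it)
    # but cannot carry the token and arrives with a foreign Origin.
    forged = {
        "method": "POST",
        "cookie_session": sid,
        "headers": {"Origin": "https://evil.example"},
        "form": {"power": "off"},
    }
    print("forged allowed:", is_request_allowed(forged))  # False
```

The Origin check alone is not sufficient (some clients omit the header), which is why the token remains the primary control.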
The exploit allows an attacker to connect to a Ricoh printer over FTP using default credentials and browse sensitive directories such as Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log), reading their files without needing any device-specific credentials.
The vulnerability allows an attacker to access sensitive credentials due to unprotected system logs and weak password encryption implemented in Milesight IoT industrial routers. By exploiting this flaw, an adversary could decrypt and extract passwords leading to unauthorized access. This vulnerability has been assigned CVE-2023-43261.
The Automatic-Systems SOC FL9600 FastLine V06 allows directory traversal: by manipulating the 'dir' parameter of the 'csvServer.php' script, an attacker can read files outside the intended directory, such as '/etc/passwd'. This vulnerability has been assigned CVE-2023-37607.
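The traversal pattern from the advisory above, as an added example (constructed code, not the FL9600's csvServer.php): a CSV-serving helper that takes a 'dir' parameter, first joining it blindly onto the export root and then in a hardened form that resolves the path and refuses anything that lands outside the root, including URL-encoded '..' and absolute paths. The export root, file names and the stand-in for /etc/passwd are assumptions created on disk by the fixture.

```python
"""Constructed directory-traversal demo with a vulnerable and a fixed reader.

Not the FL9600 source; the on-disk fixture (an 'exports' directory and a
'passwd' file next to it) is an assumption built by _make_root().
"""
import os
import tempfile
from urllib.parse import unquote


def _make_root() -> str:
    # Constructed fixture: one CSV inside the export root and a file
    # outside it standing in for /etc/passwd.
    base = tempfile.mkdtemp()
    root = os.path.join(base, "exports")
    os.makedirs(root)
    with open(os.path.join(root, "report.csv"), "w") as f:
        f.write("id,name\n1,demo\n")
    with open(os.path.join(base, "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/sh\n")
    return root


def read_vulnerable(root: str, dir_param: str) -> str:
    # os.path.join walks '..' segments, and an absolute dir_param replaces
    # the root entirely, so the caller chooses any readable file.
    path = os.path.join(root, unquote(dir_param))
    with open(path) as f:
        return f.read()


def confined_path(root: str, dir_param: str):
    """Return the resolved path if it stays under root, else None."""
    root_real = os.path.realpath(root)
    # Decode once, then resolve symlinks and '..' before comparing.
    candidate = os.path.realpath(os.path.join(root_real, unquote(dir_param)))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def read_fixed(root: str, dir_param: str) -> str:
    path = confined_path(root, dir_param)
    if path is None:
        raise PermissionError("path escapes export root: %r" % dir_param)
    with open(path) as f:
        return f.read()


if __name__ == "__main__":
    root = _make_root()
    print(read_vulnerable(root, "../passwd").splitlines()[0])   # root:x:0:0:...
    print(confined_path(root, "%2e%2e%2fpasswd"))               # None
    print(read_fixed(root, "report.csv").splitlines()[0])       # id,name
```

Resolving with realpath before the prefix check matters: comparing the raw string against the root prefix would still accept 'exports/../passwd' and symlinks pointing outside.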
Typora v1.7.4 is vulnerable to OS command injection. An attacker can exploit this vulnerability by entering a malicious command into the 'run command' box under Preferences > Export tab > PDF, leading to remote code execution.
An authenticated user can inject malicious code into the 'Name' parameter while adding a cluster in MISP version 2.4.171 (stored cross-site scripting), leading to the execution of arbitrary scripts in the session of any user who views the cluster. This vulnerability has been assigned CVE-2023-37307.