This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in “devmode” bypass…
SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from a cross site request forgery vulnerability.
SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from an authenticated command injection vulnerability.
Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the fmgpon_loid parameter.
Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the newpass and confpass parameters in /bin/WebMGR.
A denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited…
Jiofi 4 (JMR 1140) with firmware version Amtel_JMR1140_R12.07 suffers from a cross site scripting vulnerability.
Jiofi 4 (JMR 1140) with firmware version Amtel_JMR1140_R12.07 suffers from a WiFi password disclosure cross site request forgery vulnerability.
Jiofi 4 (JMR 1140) with firmware version Amtel_JMR1140_R12.07 suffers from an admin token disclosure cross site request forgery vulnerability.
Rukovoditel Project Management CRM version 2.4.1 suffers from a cross site scripting vulnerability.