CVE-2022-34020 The ResIOT IOT Platform and LoRaWAN Network Server has a CSRF vulnerability that can be used to add new admin users. This vulnerability could also have other impacts.
This vulnerability allows remote attackers to add new admin users to the platform, or to cause other unspecified impacts, by sending a CSRF request to the application.
CVE-2018-18447 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
These issues could result in remote code execution. To verify your application's resistance to these issues, you can run it through an automated
CVE-2022-41349 An attachUrl parameter in ZCS 8.8.15 is vulnerable to Reflected XSS.
The attached file must be uploaded through the administration interface. Consider the following example.
form action="http://[attacker's server]:8080/h/compose?
CVE-2022-42078 The Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
A CSRF vulnerability allows an attacker to perform unauthorized actions on the targeted site, such as changing content, sending emails, etc. By setting up an evil
CVE-2022-42077 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to CSRF attack via SysToolReboot function.
Due to the lack of CSRF protection, an attacker can exploit this vulnerability to hijack an authenticated user's session by sending them a