-
CVE-2019-7746
•
published on May 7, 2019
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.
-
CVE-2019-7746
•
published on May 7, 2019
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.
-
CVE-2019-7746
•
published on May 7, 2019
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset.
-
CVE-2019-7745
•
published on May 7, 2019
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.
-
CVE-2019-7745
•
published on May 7, 2019
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.
-
CVE-2019-7745
•
published on May 7, 2019
JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field.
-
CVE-2019-7687
•
published on May 7, 2019
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.
-
CVE-2019-7687
•
published on May 7, 2019
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.
-
CVE-2019-7687
•
published on May 7, 2019
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.
-
CVE-2019-7564
•
published on May 7, 2019
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.
-
CVE-2019-7564
•
published on May 7, 2019
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.
-
CVE-2019-7564
•
published on May 7, 2019
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network.
-
CVE-2019-7541
•
published on May 7, 2019
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
-
CVE-2019-7541
•
published on May 7, 2019
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
-
CVE-2019-7541
•
published on May 7, 2019
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
-
CVE-2019-7443
•
published on May 7, 2019
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
-
CVE-2019-7443
•
published on May 7, 2019
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
-
CVE-2019-7443
•
published on May 7, 2019
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
-
CVE-2019-10742
•
published on May 7, 2019
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
-
CVE-2019-10742
•
published on May 7, 2019
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.