CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5095 – Victor Zsviot Camera MQTT Packet denial of service
https://notcve.org/view.php?id=CVE-2024-5095
A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/zsviot%20camera.pdf https://vuldb.com/?ctiid.265077 https://vuldb.com/?id.265077 https://vuldb.com/?submit.332461 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23966
https://notcve.org/view.php?id=CVE-2020-23966
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. • https://github.com/VictorAlagwu/CMSsite https://github.com/VictorAlagwu/CMSsite/issues/15 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2020-35597
https://notcve.org/view.php?id=CVE-2020-35597
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. Victor CMS versión 1.0, es vulnerable a la inyección SQL por medio del parámetro c_id del archivo admin_edit_comment.php, el parámetro p_id del archivo admin_edit_post.php, el parámetro u_id del archivo admin_edit_user.php y el parámetro edit del archivos admin_update_categories.php • https://cxsecurity.com/issue/WLB-2020120118 https://github.com/VictorAlagwu/CMSsite/issues/16 https://www.exploit-db.com/exploits/49282 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28060
https://notcve.org/view.php?id=CVE-2022-28060
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. Una Vulnerabilidad de inyección SQL en Victor CMS versión v1.0, por medio del parámetro user_name en /includes/login.php • https://github.com/JiuBanSec/CVE/blob/main/VictorCMS%20SQL.md https://github.com/JiuBanSec/CVE_LIST/blob/main/CVE-2022-28060/CVE-2022-28060.pdf https://github.com/VictorAlagwu/CMSsite • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27478
https://notcve.org/view.php?id=CVE-2022-27478
Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. Se ha detectado que Victor versión v1.0, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del componente admin/profile.php?section=admin • https://github.com/k0xx11/Vulscve/blob/master/Victor1.0-rce.md • CWE-434: Unrestricted Upload of File with Dangerous Type •