CVE-2022-29298 – SolarView Compact 6.00 - Directory Traversal
https://notcve.org/view.php?id=CVE-2022-29298
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. SolarView Compact version 6.00 suffers from a directory traversal vulnerability.
• https://www.exploit-db.com/exploits/50950
• http://packetstormsecurity.com/files/167383/SolarView-Compact-6.00-Directory-Traversal.html
• https://drive.google.com/file/d/1-RHw9ekVidP8zc0xpbzBXnse2gSY1xbH/view?usp=sharing
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20662
https://notcve.org/view.php?id=CVE-2021-20662
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.
• https://jvn.jp/en/jp/JVN37417423/index.html
• https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
• https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf
• CWE-306: Missing Authentication for Critical Function
CVE-2021-20661
https://notcve.org/view.php?id=CVE-2021-20661
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
• https://jvn.jp/en/jp/JVN37417423/index.html
• https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
• https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20659
https://notcve.org/view.php?id=CVE-2021-20659
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is a PHP script, an attacker may execute arbitrary code.
• https://jvn.jp/en/jp/JVN37417423/index.html
• https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
• https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-20660
https://notcve.org/view.php?id=CVE-2021-20660
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.
• https://jvn.jp/en/jp/JVN37417423/index.html
• https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
• https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')