19 results (0.016 seconds)

CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-27512

https://notcve.org/view.php?id=CVE-2023-27512

23 May 2023 — Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-27514

https://notcve.org/view.php?id=CVE-2023-27514

23 May 2023 — OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-27518

https://notcve.org/view.php?id=CVE-2023-27518

23 May 2023 — Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-27521

https://notcve.org/view.php?id=CVE-2023-27521

23 May 2023 — OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-27920

https://notcve.org/view.php?id=CVE-2023-27920

23 May 2023 — Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. • https://jvn.jp/en/vu/JVNVU92106300 • CWE-863: Incorrect Authorization •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-35239

https://notcve.org/view.php?id=CVE-2022-35239

16 Aug 2022 — The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file. La página de administración de archivos de imagen de SolarView Compact SV-CPT-MC310 Versiones 7.23 y anteriores, y SV-CPT-MC310F Versiones 7.23 y anteriores, contiene u... • https://jvn.jp/en/vu/JVNVU93696585 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-31373

https://notcve.org/view.php?id=CVE-2022-31373

21 Jun 2022 — SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. Se ha detectado que SolarView Compact versión v6.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente Solar_AiConf.php • https://github.com/badboycxcc/SolarView_Compact_6.0_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-31374

https://notcve.org/view.php?id=CVE-2022-31374

21 Jun 2022 — An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file. Una vulnerabilidad de carga de archivos arbitrarios /images/background/1.php en SolarView Compact versión 6.0, permite a atacantes ejecutar código arbitrario por medio de un archivo php diseñado • https://github.com/badboycxcc/SolarView_Compact_6.0_upload • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 6

CVE-2022-29303 – SolarView Compact Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2022-29303

12 May 2022 — SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. Se ha detectado que SolarView Compact versión 6.00, contiene una vulnerabilidad de inyección de comandos por medio del archivo conf_mail.php SolarView Compact version 6.0 suffers from a command injection vulnerability. SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. • https://packetstorm.news/files/id/167183 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-29302

https://notcve.org/view.php?id=CVE-2022-29302

12 May 2022 — SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. Se ha detectado que SolarView Compact versión 6.00, contiene una divulgación de archivos locales por medio del archivo /html/Solar_Ftp.php • https://drive.google.com/file/d/1Bfyk1Nx51HbFGYuDNFKoDxUrloEj-Rzx/view?usp=sharing • CWE-552: Files or Directories Accessible to External Parties •