CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-6268 – RAD SecFlow-2 Path Traversal
https://notcve.org/view.php?id=CVE-2019-6268
05 Mar 2024 — RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. Los dispositivos RAD SecFlow-2 con Hardware 0202, Firmware 4.1.01.63 y U-Boot 2010.12 permiten URI que comienzan con /.. para Directory Traversal, como se demuestra al leer /etc/shadow. RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 suffer from a directory traversal vulnerability. • https://packetstorm.news/files/id/177440 • CWE-31: Path Traversal: 'dir\..\..\filename' •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2020-13260 – RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-13260
17 Sep 2020 — A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as the static key file in Configuration-Services-Security-OpenVPN-Static Keys. This payload will execute each time a user opens an affected web page. This could be exploited in conjunction with CVE-2020-13259. Una vulner... • https://www.exploit-db.com/exploits/48807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 3CVE-2020-13259 – RAD SecFlow-1v SF_0290_2.3.01.26 - Cross-Site Request Forgery (Reboot)
https://notcve.org/view.php?id=CVE-2020-13259
16 Sep 2020 — A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with t... • https://www.exploit-db.com/exploits/48809 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6549
https://notcve.org/view.php?id=CVE-2006-6549
14 Dec 2006 — PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below. ** IMPUGNADO ** Vulnerabilidad de inclusión remota de archivo en PHP en upload.php de Rad Upload 3.02 permite a atacantes remotos ejecutar código PHP de su elección mediante... • http://securityreason.com/securityalert/2034 •