Search Vulnerabilities

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection.

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification.

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.