Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwebif project openwebif vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin up to and including 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=do...
Openwebif Project Openwebif
10
CVSSv2
CVE-2017-9807
An issue exists in the OpenWebif plugin up to and including 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remo...
Openwebif Project Openwebif
3.5
CVSSv2
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) up to and including 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
Openwebif Project Openwebif
6.8
CVSSv2
CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted u...
Openwebif Project Openwebif 1.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started