Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwebif project openwebif vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin up to and including 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=do...
Openwebif Project Openwebif
9.8
CVSSv3
CVE-2017-9807
An issue exists in the OpenWebif plugin up to and including 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remo...
Openwebif Project Openwebif
5.4
CVSSv3
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) up to and including 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
Openwebif Project Openwebif
8.8
CVSSv3
CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted u...
Openwebif Project Openwebif 1.2.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started