Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwebif project openwebif vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2017-9807
An issue exists in the OpenWebif plugin up to and including 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remo...
Openwebif Project Openwebif
6.8
CVSSv2
CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted u...
Openwebif Project Openwebif 1.2.5
5
CVSSv2
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin up to and including 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=do...
Openwebif Project Openwebif
3.5
CVSSv2
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) up to and including 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
Openwebif Project Openwebif
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started