Electron 漏洞列表
共找到 19 个与 Electron 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2024-5947: Deep Sea Electronics DSE855 - Authentication Bypass POC
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. -
node-integration-enabled: Electron Applications - Cross-Site Scripting & Remote Code Execution POC
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');. -
CVE-2024-5947: Deep Sea Electronics DSE855 - Authentication Bypass POC
Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679. -
pingsheng-electronic-sqli: Pingsheng Electronic Reservoir Supervision Platform - Sql Injection POC
There is a SQL injection vulnerability in the GetAllRechargeRecordsBySIMCardId interface of Pingsheng Electronics Reservoir Supervision Platform. An attacker can access the data in the database without authorization, thereby stealing user data and leaking user information. -
Deep Sea Electronics DSE855 存在弱口令漏洞 无POC
Deep Sea Electronics 是全球顶级发电机控制器、自动转换开关控制器、电池充电器以及车辆和非公路控制器制造商之一。Deep SeaElectronics DSE855 存在弱口令漏洞,攻击者可以通过该漏洞登录系统,获取系统敏感信息。 -
Deep Sea Electronics DSE855 存在认证绕过漏洞(CVE-2024–5947) 无POC
Deep Sea Electronics 是全球顶级发电机控制器、自动转换开关控制器、电池充电器以及车辆和非公路控制器制造商之一。Deep SeaElectronics DSE855 存在存在认证绕过漏洞,攻击者可以通过该漏洞访问敏感文件。 -
Delta Electronics DIAEnergie CVE-2024-4547 SQL注入漏洞 无POC
Delta Electronics DIAEnergie是一款工业能源管理系统。Delta Electronics DIAEnergie存在SQL注入漏洞,该漏洞是由于应用对用户发送的RecalculateScript消息验证不当造成的。 -
Delta Electronics DIAEnergie CVE-2024-4548 SQL Injection漏洞 无POC
Delta Electronics DIAEnergie是一款工业能源管理系统。Delta Electronics DIAEnergie存在SQL注入漏洞,该漏洞是由于应用对用户发送的RecalculateScript消息验证不当造成的。 -
AgileBio Electronic Lab Notebook 远程代码执行漏洞(文件上传) 无POC
AgileBio Electronic Lab Notebook是AgileBio Electronic公司的一款编辑器。 该应用v4.234版本存在远程代码执行漏洞。此漏洞是由于系统对contact_name参数缺乏校验导致的。 -
AgileBio Electronic Lab Notebook 远程代码执行漏洞(命令执行) 无POC
AgileBio Electronic Lab Notebook是AgileBio Electronic公司的一款编辑器。 该应用v4.234版本存在远程代码执行漏洞。此漏洞是由于系统对contact_name参数缺乏校验导致的。 -
Delta Electronics InfraSuite Device Master CheckLoadingStartupConfig 目录遍历漏洞 无POC
Delta Electronics InfraSuite Device Master中存在目录遍历漏洞。该漏洞是由于CheckLoadStartupConfig函数对ZIP档案处理不当导致的。 -
Delta Electronics DVW-W02W2-E2 CVE-2022-42139命令注入漏洞 无POC
Delta Electronics DVW-W02W2-E2存在命令注入漏洞,此漏洞是由于对参数destination的值校验不足导致的。 -
Delta Electronics DX-2100-L1-CN CVE-2022-42140命令注入漏洞 无POC
Delta Electronics DX-2100-L1-CN存在命令注入漏洞,此漏洞是由于对参数diagnose_address的值校验不当导致的。 -
Delta Electronics InfraSuite Device Master Opcode 512目录遍历漏洞 无POC
-
Delta Electronics InfraSuite Device Master Device-DataCollect 反序列化漏洞 无POC
-
Delta Electronics DX-2100-L1-CN CVE-2022-42141存储型跨站脚本漏洞 无POC
-
Delta Electronics DX-2100-L1-CN urlfilter存储型跨站脚本漏洞 无POC
-
Delta Electronics InfraSuite设备反序列化漏洞 无POC
-
Delta Electronics InfraSuite 设备反序列化漏洞 无POC