The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
View Full Alert
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form…
There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 188.8.131.52. The attacker can tricking a user to install and run a malicious application to exploit this…