This affects all versions of the sqlite-web package. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross-Site Request Forgery (CSRF) attack.
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability that can be exploited by an unauthenticated attacker who uses the same source IP address as an admin who is in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin’s machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 184.108.40.206, GC108PP before 220.127.116.11, GS108Tv3 before 18.104.22.168, GS110TPP before 22.214.171.124, GS110TPv3 before 126.96.36.199, GS110TUP before 188.8.131.52, GS308T before 184.108.40.206, GS310TP before 220.127.116.11, GS710TUP before 18.104.22.168, GS716TP before 22.214.171.124, GS716TPP before 126.96.36.199, GS724TPP before 188.8.131.52, GS724TPv2 before 184.108.40.206, GS728TPPv2 before 220.127.116.11, GS728TPv2 before 18.104.22.168, GS750E before 22.214.171.124, GS752TPP before 126.96.36.199, GS752TPv2 before 188.8.131.52, MS510TXM before 184.108.40.206, and MS510TXUP before 220.127.116.11.