This affects all versions of the sqlite-web package. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross-Site Request Forgery (CSRF) attack.
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability that can be exploited by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin’s machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 22.214.171.124, GC108PP before 126.96.36.199, GS108Tv3 before 188.8.131.52, GS110TPP before 184.108.40.206, GS110TPv3 before 220.127.116.11, GS110TUP before 18.104.22.168, GS308T before 22.214.171.124, GS310TP before 126.96.36.199, GS710TUP before 188.8.131.52, GS716TP before 184.108.40.206, GS716TPP before 220.127.116.11, GS724TPP before 18.104.22.168, GS724TPv2 before 22.214.171.124, GS728TPPv2 before 126.96.36.199, GS728TPv2 before 188.8.131.52, GS750E before 184.108.40.206, GS752TPP before 220.127.116.11, GS752TPv2 before 18.104.22.168, MS510TXM before 22.214.171.124, and MS510TXUP before 126.96.36.199.