Peter Wahba

8 exploits Active since Jun 2025
CVE-2023-47029 WRITEUP CRITICAL WRITEUP
NCR Terminal Handler - Information Disclosure
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
CVSS 9.8
CVE-2023-47030 WRITEUP CRITICAL WRITEUP
NCR Terminal Handler - Code Injection
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
CVSS 9.8
CVE-2023-47032 WRITEUP CRITICAL WRITEUP
NCR Terminal Handler - Code Injection
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
CVSS 9.8
CVE-2023-47294 WRITEUP HIGH WRITEUP
NCR Terminal Handler - Improper Access Control
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
CVSS 8.1
CVE-2023-47295 WRITEUP CRITICAL WRITEUP
NCR Terminal Handler 1.5.1 - Command Injection
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
CVSS 9.8
CVE-2023-47297 WRITEUP CRITICAL WRITEUP
NCR Terminal Handler - Improper Access Control
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
CVSS 9.8
CVE-2023-47298 WRITEUP MEDIUM WRITEUP
NCR Terminal Handler - Information Disclosure
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
CVSS 4.3
CVE-2023-48978 WRITEUP CRITICAL WRITEUP
NCR ITM Web terminal <4.4.4 - RCE
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
CVSS 9.8