WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Deletion via 'file' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.69...

SQL Injection

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to SQL Injection via the sort parameter in the MAC accounting graph endpoint. An attacker can extract sensitive database...

CVE-2003-1281

cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files...

EUVD-2003-1271

Malware in sbrugna...

WordPress WP-DownloadManager plugin <= 1.68.11 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions = 1.68.11...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...

CVE-2021-23283

Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...

CVE-2021-23283 Security issues in Eaton Intelligent Power Protector (IPP)

Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...

Intelligent Power Protector跨站脚本漏洞

Intelligent Power Protector is a Intelligent Power Software. A cross-site scripting vulnerability exists in Eaton Intelligent Power Protector IPP prior to version 1.69, which stems from insufficient validation of user input and improper encoding of output for certain resources in the IPP software...

CVE-2021-23288

The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69...

Eaton Intelligent Power Manager Remote Code Execution Vulnerability

Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A remote code execution vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, whi...

CVE-2021-23277

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...

CVE-2021-23276

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base...

CVE-2021-23278

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/mapssrv.js with action removeBackground and server/nodeupgradesrv.js with action removeFirmware. An attacker can send specially...

CVE-2021-23281

CVE-2021-23281 – Eaton IPM before 1.69 is an unauthenticated remote code execution vulnerability. The issue arises from inadequate sanitization in the meta_driver_srv.js class (coverterCheckList usage), allowing a crafted packet to trigger IPM to connect to a rogue SNMP server and execute attacke...

Eaton Intelligent Power Manager 输入验证错误漏洞

Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An arbitrary file deletion vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69,...

PT-2021-15430 · Eaton · Eaton Intelligent Power Manager

Name of the Vulnerable Software and Affected Versions: Eaton Intelligent Power Manager IPM versions prior to 1.69 Description: The issue concerns an unauthenticated eval injection vulnerability. It arises because the software fails to neutralize code syntax from users before using it in the dynam...

Eaton Intelligent Power Manager 代码问题漏洞

Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An arbitrary file upload vulnerability exists in Eaton Intelligent Power Manager IPM versions prior to 1.69...

Debian DLA-1284-1 : leptonlib security update

Talosintelligence discovered a command injection vulnerability in the gplotMakeOutput function of leptonlib. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that...

[SECURITY] Fedora 17 Update: leptonica-1.69-5.fc17

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...