17 matches found
CVE-2026-15511 Comfast CF-WR631AX V3 FastCGI Backend webmgnt system_wl_upload_pic_file os command injection
A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function systemwluploadpicfile of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argument filename causes os command injection. It is possible to...
CVE-2026-15511
creationtimestamp| type| source ---|---|--- 2026-07-12 10:25:44+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116906521019305139 2026-07-12 23:36:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqidsx7oaq2e 2026-07-12 23:51:52+00:00| seen|...
PT-2026-57563
Name of the Vulnerable Software and Affected Versions Comfast CF-WR631AX V3 versions prior to 2.7.0.8 Description An OS command injection flaw exists in the FastCGI Backend component within the /usr/bin/webmgnt file. The issue occurs in the system wl upload pic file function when processing the...
CVE-2020-15511
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...
CVE-2019-15511
creationtimestamp| type| source ---|---|--- 2024-02-26 09:41:29+00:00| seen| https://t.me/ctinow/193193...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-46639
CVE-2021-46639 affects Bentley MicroStation CONNECT 10.16.0.80. Connected sources (ZDI-22-226 and related notices) describe an out-of-bounds write in DGN file parsing that can allow remote code execution; exploitation requires user interaction (visiting malicious page or opening a malicious file)...
Terraform Enterprise Allowed Local Account Creation Bypassing SSO
Summary HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. This vulnerability, CVE-2020-15511, was fixed in v202007-1. Background Terraform Enterprise allowed single sign-on to be enabled vi...
CVE-2020-15511
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...
CVE-2020-15511
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...
CVE-2020-15511
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1...
CVE-2020-15511
CVE-2020-15511 affects HashiCorp Terraform Enterprise up to v202006-1. The vulnerability is a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Root cause: signup flow could be used to create accounts without proper SAML gating. Impact stated in so...
CVE-2019-15511
An exploitable local privilege escalation vulnerability exists in the GalaxyClientService installed by GOG Galaxy. Due to Improper Access Control, an attacker can send unauthenticated local TCP packets to the service to gain SYSTEM privileges in Windows system where GOG Galaxy software is...
CVE-2019-15511
CVE-2019-15511 affects the GalaxyClientService in GOG Galaxy. Root cause: faulty/improper access control enabling unauthenticated local TCP packets to be processed, allowing local privilege escalation to SYSTEM on Windows. Affected products/versions: GOG Galaxy and GalaxyClientService before 1.2....
CVE-2018-15511
CVE-2018-15511 – totemomail 6.0.0 build 570 suffers a cross-site scripting (XSS) vulnerability in the Notification template feature. The description confirms an attacker can inject arbitrary web script or HTML via this feature. Connected sources (NVD/NVD-derived records, PRION/CVE lists, and EUVD...
Exploit for Missing Authentication for Critical Function in Gog Galaxy
GOG Galaxy Exploit for CVE-2019-15511 usage: exploit.py -...
CVE-2017-15511
...