53 matches found
CVE-2025-32855
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-32831
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-30032
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
SUSE CVE-2007-6734
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors...
CVE-2024-51954
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone unfederated ArcGIS Server instance. Successful...
CVE-2025-23059
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive...
CVE-2022-20939
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this...
CVE-2024-20507
A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of sensitive information within the web-based management interface of...
CVE-2023-32168
D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the showUser...
PT-2024-1085 · Unknown · Cp-8050 Master Module +1
Name of the Vulnerable Software and Affected Versions: CP-8031 MASTER MODULE versions prior to CPCI85 V05.20 CP-8050 MASTER MODULE versions prior to CPCI85 V05.20 Description: A flaw has been identified in the network configuration service of affected devices, related to the conversion of ipv4...
Nokia NFM-T Security Vulnerability
Nokia NFM-T is a transport network function manager from Nokia of Finland. A security vulnerability exists in Nokia NFM-T version R19.9, which originates from an absolute path traversal vulnerability that could allow an authenticated, remote attacker to read arbitrary files...
PT-2023-4250 · Sap · Sap Business One
Name of the Vulnerable Software and Affected Versions: SAP Business One B1i module version 10.0 Description: The issue is related to the lack of protection of the SQL query structure in the B1i Layer component of SAP Business One. This allows a remote attacker to send specially crafted queries to...
CVE-2023-20062
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery SSRF attack on an affected system. Cisco plans to release software updates that address these vulnerabilities...
Vulnerability fixed in HCL BigFix
A vulnerability has been fixed in HCL BigFix. The vulnerability allows an authenticated remote malicious person to obtain to obtain sensitive data. HCL has released updates to fix the vulnerability. More information can be found on the page below: https://support.hcltechsw.com...
Cisco Small Business RV Series Routers 操作系统命令注入漏洞
The Cisco Small Business RV Series Routers is an RV Series router from Cisco. The Cisco Small Business RV340 and RV345 Routers are vulnerable to an operating system command injection vulnerability that arises from insufficient validation of user-supplied input in the web-based management interfac...
Vulnerabilities fixed in Oracle Database Server
Oracle has fixed vulnerabilities in the following products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage:...
Cisco Unity Connection 和 Cisco Unified Communications Manager 路径遍历漏洞
Cisco Unity Connection UC and Cisco Unified Communications Manager CUCM, Unified CM, CallManager are both products of Cisco Corporation.Cisco Unity Connection is a voice Cisco Unity Connection is a voice messaging platform. The platform can use voice commands to make calls or listen to messages i...
CVE-2021-1369
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...
Vulnerability fixed in Microsoft SQL Server
A vulnerability has been fixed in the Microsoft SQL product group. Server. The vulnerability is in the Power BI application. The vulnerability enables an authenticated remote malicious person to able to obtain sensitive information. Power BI:...
CVE-2019-15257
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper restrictions on configuration information. An...