CVE-2021-33212

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

CVE-2020-17381

An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary...

CVE-2020-2318

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2017-11749

InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file...

CVE-1999-0480

Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack...

Linux Distros Unpatched Vulnerability : CVE-2021-36370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-17 2N Access Commander Update A ICSA-25-037-04 Trimble Cityworks Update A CISA...

CVE-2024-47256

Successful exploitation of this vulnerability could allow an attacker who needs to have Admin access privileges to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version...

CVE-2024-47258

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2...

CVE-2024-47258

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2...

CVE-2024-47256

Successful exploitation of this vulnerability could allow an attacker who needs to have Admin access privileges to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version...

CVE-2024-47258

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2...

CVE-2024-47258

CVE-2024-47258 affects 2N Access Commander up to v2.1 (and earlier). The issue is a default-settings MITM risk caused by not validating TLS certificates of 2N edge devices. Mitigation details from connected docs show that 2N released v3.3 of Access Commander with Certificate Fingerprint Verificat...

CVE-2024-47258

2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2...

CVE-2024-47256

CVE-2024-47256 affects 2N Access Commander prior to version 3.3 (notably 1.14 and older). The issue allows an attacker with Admin privileges to read a hardcoded AES passphrase used to decrypt data in certain backup files, enabling potential exposure of backup contents. 2N released version 3.3 to ...

CVE-2024-47256

Successful exploitation of this vulnerability could allow an attacker who needs to have Admin access privileges to read hardcoded AES passphrase, which may be used for decryption of certain data within backup files of 2N Access Commander version 1.14 and older. 2N has released an updated version...

2N Access Commander 安全漏洞

2N Access Commander is an access control solution from 2N. A security vulnerability exists in 2N Access Commander version 2.1 and prior versions that stems from not validating the credentials of 2N edge devices...

2N Access Commander 安全漏洞

2N Access Commander is an access control solution from 2N. A security vulnerability exists in 2N Access Commander version 1.14 and prior versions that stems from allowing hard-coded AES passwords...

CVE-2022-29887

Cross-site Scripting XSS in some IntelR Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access...

The vulnerability of the 2N Access Commander access control tool lies in the incorrect limitation of the path name for the restricted access catalog, allowing a intruder to execute arbitrary code.

The vulnerability of the 2N Access Commander access control system lies in the incorrect limitation of the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code...