Command injection

A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been...

PT-2023-7475 · Ubiquiti · Ubiquiti Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 Description: The issue exists due to insufficient input validation in the Static Routing Configuration Handler component of the Ubiquiti EdgeRouter microprogram. Exploitation of this issue may allo...

CVE-2023-1456

CVE-2023-1456 affects Ubiquiti EdgeRouter X firmware 2.0.9-hotfix.6. The root cause is insufficient input validation in the NAT Configuration Handler, enabling remote command injection. Several sources confirm a remote exploit possibility; exploitation status is not uniformly characterized, but P...

PT-2023-7473 · Ubiquiti · Ubiquiti Edgerouter X

Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 Description: The issue exists due to insufficient input validation in the NAT Configuration Handler component of the Ubiquiti EdgeRouter's firmware, potentially allowing a remote attacker to execut...

Solar-Log GmbH 安全漏洞

Solar-Log GmbH is a data logger for monitoring photovoltaic power plants from Solar-Log GmbH, Germany. A security vulnerability exists in Solar-Log GmbH versions 2.8.4-56 and 3.5.2-85, which stems from an unknown function of the component configuration handler. An attacker could exploit the...

Fortinet FortiClient for Linux信息泄露漏洞

Fortinet FortiClient is a fabric agent from Fortinet USA, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client.An information disclosure vulnerability exists in Fortinet FortiClient for Linux. An unauthenticated attacker could exploit the...

CVE-2017-20013

A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This...

CVE-2017-20013

A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This...

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and ma...

PT-2022-7886 · Weka · Weka Interest Security Scanner

Name of the Vulnerable Software and Affected Versions: WEKA INTEREST Security Scanner versions up to 1.8 Description: A problematic vulnerability was found in the Stresstest Configuration Handler of the WEKA INTEREST Security Scanner, leading to a local denial of service through manipulation. The...

Fortinet FortiWLM Command Injection Vulnerability

A command injection vulnerability exists in Fortinet FortiWLC, a wireless LAN controller from Fortinet, which stems from a failure to properly validate input data in the alert dashboard and controller configuration handler. HTTP requests and execute arbitrary operating system commands on the targ...

Code injection

All versions of package config-handler are vulnerable to Prototype Pollution when loading config files...

Cachet configuration leak

Impact Authenticated users, regardless of their privileges User or Admin, can leak the value of any configuration entry of the dotenv file, e.g. the application secret APPKEY and various passwords email, database, etc. Patches This issue was addressed by improving UpdateConfigCommandHandler and...

Delta Electronics DIAEnergie SQL注入漏洞

A SQL blind injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter keyword before using the value as part of a SQL...