67 matches found
CVE-2026-23925
The CVE-2026-23925 issue affects Zabbix where an authenticated User with template/host write perms can misuse configuration.import to create unauthorized objects, leading to confidentiality loss (e.g., unauthorized hosts). Public sources corroborate an authorization bypass in Zabbix frontend/API ...
CVE-2026-23925
An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...
Nokia IMPACT 安全漏洞
Nokia IMPACT is a set of IoT intelligent management platforms developed by Finnish company Nokia. Versions of Nokia IMPACT such as 19.11.2.10 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of CSRF token verification, which could allow remote attackers to...
CVE-2023-4465
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VV...
EUVD-2017-1608
Malware in sbrugna...
EUVD-2021-29732
Malicious code in bioql PyPI...
EUVD-2022-53455
Malicious code in bioql PyPI...
EUVD-2022-42727
Malicious code in bioql PyPI...
CVE-2025-54765
CVE-2025-54765 concerns XorMon-NG from Xorux. Affected: version 1.8 and earlier. An API endpoint that should be restricted to web app administrators is accessible to lower-level read-only users, enabling import of appliance configuration and potentially granting administrative privileges. The vul...
CVE-2022-32258
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...
CVE-2021-42776
CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import...
CVE-2020-35708
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page...
CVE-2019-1003017
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...
The vulnerability of the configuration import function of the AcSELerator QuickSet SEL-5030 device management tool allows a perpetrator to execute arbitrary code.
The vulnerability of the configuration import function of the AcSELerator QuickSet SEL-5030 device management tool relates to the lack of measures taken to protect the SQL query structure during the processing of DMX format files. Exploiting this vulnerability allows a perpetrator to execute...
Trellix IPS Manager 代码问题漏洞
Trellix IPS Manager is a next-generation IPS for local and virtual networks from American FireEye Trellix. A security vulnerability exists in Trellix IPS Manager versions prior to 10.1 M8, which stems from the ability to import a saved XML configuration file through an external entity attack by a...
CVE-2022-32258
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure...
PT-2022-21183 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A vulnerability has been identified in the affected application, which contains an older feature that allows importing device configurations via a specific endpoint. An attacker...
CVE-2022-21182
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2020-16238
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...
Design/Logic Flaw
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...