The vulnerability of the VulnDownloader class in the Network Configuration Manager (NCM) software allows a hacker to execute arbitrary code.

The vulnerability of the VulnDownloader class in the Network Configuration Manager NCM software is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the SYSTEM context remotely...

CVE-2023-29505

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...

CVE-2023-29505

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...

Cross site scripting

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...

PT-2023-5387 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.11.1 and earlier Description: The issue is related to a SQL injection vulnerability in the Core Configuration Manager of Nagios XI. This vulnerability is caused by the lack of protection against SQL query structure...

ZOHO ManageEngine Network Configuration Manager Access Control Error Vulnerability

ZOHO ManageEngine Network Configuration Manager is a multi-vendor network change, configuration and compliance management nccm solution from ZOHO. It is designed to automate and fully control the entire lifecycle of device configuration management. A security vulnerability exists in ZOHO...

CVE-2023-29505

Zoho ManageEngine Network Configuration Manager 12.6.165 has a WebSocket endpoint vulnerability that enables Cross-site WebSocket hijacking. The connected documents consistently identify the affected product/version and the attack class, but do not provide concrete exploit details, affected confi...

SolarWinds Network Configuration Manager VulnDownloader Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Configuration Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the VulnDownloader class. The issue results from the lack of proper...

CVE-2023-23842

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...

Directory traversal

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...

CVE-2023-23842

The CVE-2023-23842 issue affects SolarWinds Network Configuration Manager. Root cause: directory traversal due to improper validation in the VulnDownloader class, enabling remote code execution. Exploitation requires admin access to the SolarWinds Web Console, with no user interaction, and can gr...

CVE-2023-23842 SolarWinds Network Configuration Manager Directory Traversal Vulnerability

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...

CVE-2023-23842 SolarWinds Network Configuration Manager Directory Traversal Vulnerability

The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...

SolarWinds Network Configuration Manager 路径遍历漏洞

SolarWinds Network Configuration Manager is an easy-to-use solution from SolarWinds USA. A security vulnerability exists in SolarWinds Network Configuration Manager that stems from a directory traversal vulnerability. An attacker with administrative access could exploit the vulnerability to execu...

PT-2023-4418 · Solarwinds · Solarwinds Network Configuration Manager

Name of the Vulnerable Software and Affected Versions: SolarWinds Network Configuration Manager affected versions not specified Description: The issue is related to a Directory Traversal Vulnerability in the SolarWinds Network Configuration Manager. This vulnerability can be exploited by a remote...

Exploit for Race Condition in Microsoft

This is a PoC exploit for CVE-2023-36884, a vulnerability in Mic...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2019-2602, CVE-2019-2684)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2019-0211, CVE-2019-0220)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM HTTP Server,...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2018-10237)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (CVE-2018-3180, CVE-2018-3139)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6, 8 and IBM® Runtime Environment Java™ Technology Edition, Versions 6, 8 used by IBM Tivoli Netcool Configuration Manager. These issues were disclosed as part of the IBM Java SDK updates in October 2018...