258 matches found
CVE-2021-23233
Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...
CVE-2019-15803
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fdssyspassDebugPasswdret. The...
CVE-2019-19846
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors...
CVE-2019-13205
All configuration parameters of certain Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files th...
CVE-2025-40582
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device...
CVE-2025-40582
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged local attacker to execute root commands on the device...
Siemens SCALANCE LPE9403 操作系统命令注入漏洞
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. The Siemens SCALANCE LPE9403 suffers from an operating system command injection vulnerability that originates from...
CVE-2025-46617
Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and...
Linux Distros Unpatched Vulnerability : CVE-2016-6796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to...
CVE-2022-33258
Information disclosure due to buffer over-read in modem while reading configuration parameters...
CVE-2024-2746
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
CVE-2024-51737
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...
UBUNTU-CVE-2024-51737
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an...
CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability
An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...
CVE-2024-42194
CVE-2024-42194 affects HCL BigFix Inventory: an access-control vulnerability arising from improper handling of permissions allows a read-only account to modify certain configuration parameters via a crafted REST API call. The available documents confirm the affected product and the underlying iss...
HCL BigFix Inventory 安全漏洞
HCL BigFix Inventory is a software inventory from HCL USA. Maintaining software audits reduces security risks through software compliance and utilization management. HCL BigFix Inventory has a security vulnerability that stems from insufficient permissions or improper handling of privileges. An...
CVE-2021-34750 Cisco Firepower Management Center Software Configuration Information Disclosure Vulnerability
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...
LibreNMS has an Authenticated OS Command Injection
Summary An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. Details...
GHSA-X645-6PF9-XWXW LibreNMS has an Authenticated OS Command Injection
Summary An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. Details...
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...