
224 matches found

Cvelist
added 2025/03/18 1:46 p.m., 11 views

CVE-2024-8997 SQLi in Vestel's EVC04 Configuration Interface

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53...

CVSS 9.8, EPSS 0.00401
Exploits: 0, References: 2
CVE
added 2025/03/18 1:46 p.m., 52 views

CVE-2024-8997

CVE-2024-8997 is an SQL injection vulnerability in Vestel EVC04 Configuration Interface. The flaw arises from improper neutralization of special elements in SQL commands, affecting EVC04 UI prior to versions 3.187 and 4.53. It enables network-level, unauthenticated abuse with full impact on confi...

CVSS 9.8, AI score 5.8, EPSS 0.00401
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/03/18 12:0 a.m., 1 views

Vestel EVC04 Configuration Interface SQL Injection Vulnerability

Vestel EVC04 Configuration Interface is an application from Vestel, Inc. Vestel EVC04 Configuration Interface versions 18.03.2025 and earlier have a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, which can lead to SQL injection...

CVSS 9.8, AI score 7.9, EPSS 0.00401
Exploits: 0, References: 3
NVD
added 2025/03/11 2:15 p.m., 9 views

CVE-2025-22370

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

CVSS 5.3, EPSS 0.00392
Exploits: 0, References: 3
Vulnrichment
added 2025/03/11 1:40 p.m., 4 views

CVE-2025-22370 Mennekes smart/premium charges systems, SQL Injection in web configuration interface

Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized...

CVSS 5.3, AI score 8, EPSS 0.00392
Exploits: 0, References: 3
CVE
added 2025/03/11 1:40 p.m., 47 views

CVE-2025-22370

CVE-2025-22370 affects Mennekes Smart / Premium chargingpoints firmware web configuration interface. The vulnerability arises from insufficient input neutralization in multiple web config fields, allowing an attacker to execute arbitrary SQL commands. The issue is associated with firmware version...

CVSS 5.3, AI score 8, EPSS 0.00392
Exploits: 0, References: 3
SUSE CVE
added 2025/02/27 3:11 a.m., 3 views

SUSE CVE-2022-49145

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing CPC data. If the NumEntries field in the CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then...

CVSS 4.4, AI score 7.5, EPSS 0.00258
Exploits: 0, References: 10
Microsoft CVE
added 2024/12/12 12:0 a.m., 9 views

CVE-2024-50141

...

CVSS 5.5, AI score 6.7, EPSS 0.00232
Exploits: 0
OSV
added 2024/11/05 6:15 p.m., 3 views

DEBIAN-CVE-2024-50117

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

CVSS 5.5, AI score 5.7, EPSS 0.00245
Exploits: 0, References: 1
Cvelist
added 2024/06/06 12:54 p.m., 35 views

CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm

An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...

CVSS 6.3, AI score 6.5, EPSS 0.00188
Exploits: 0, References: 1
BDU FSTEC
added 2024/05/31 12:0 a.m., 4 views

The vulnerability of the YAQL component in the interface for managing service configurations in the OpenStack Murano cloud platform, related to the lack of protection for service data, allows an attacker to disclose the protected information.

The vulnerability of the YAQL component in the interface for managing service configurations in the OpenStack Murano cloud platform is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected...

CVSS 8.4, AI score 6.9, EPSS 0.0074
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2024/04/29 4:15 a.m., 18 views

CVE-2024-4299

The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enablin...

CVSS 7.2, AI score 7.3, EPSS 0.02087
Exploits: 0, References: 3
OSV
added 2024/04/29 3:15 a.m., 3 views

CVE-2024-4297

The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...

CVSS 4.9, AI score 5.9
Exploits: 0, References: 1
CNNVD
added 2024/04/29 12:0 a.m., 4 views

HGiga iSherlock Operating System Command Injection Vulnerability

HGiga iSherlock is a series of software products from China's HGiga Technology HGiga Company. HGiga iSherlock has an operating system command injection vulnerability, which originates from an operating system command injection vulnerability in the system configuration interface. An attacker can...

CVSS 7.2, AI score 7.9, EPSS 0.02087
Exploits: 0, References: 2
Positive Technologies
added 2024/04/28 12:0 a.m., 4 views

PT-2024-30244

Name of the Vulnerable Software and Affected Versions HGiga iSherlock versions affected versions not specified MailSherlock versions affected versions not specified SpamSherlock versions affected versions not specified AuditSherlock versions affected versions not specified Description The system...

CVSS 7.2, AI score 6.1, EPSS 0.02087
Exploits: 0, References: 10
Positive Technologies
added 2024/04/28 12:0 a.m., 5 views

PT-2024-30231

Name of the Vulnerable Software and Affected Versions HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock affected versions not specified Description The system configuration interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing...

CVSS 4.9, AI score 6, EPSS 0.00674
Exploits: 0, References: 6
Fedora
added 2024/03/29 4:11 a.m., 52 views

[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40

The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...

CVSS 7.3, AI score 5.9, EPSS 0.02054
Exploits: 0
CNVD
added 2024/03/26 12:0 a.m., 36 views

Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)

Apache Commons Configuration is a common configuration interface from the Apache Foundation (United States), mainly used to enable Java applications to read configuration data from a variety of sources. An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

CVSS 5.4, AI score 7.6, EPSS 0.01727
Exploits: 0, References: 1
OSV
added 2024/01/12 1:15 p.m., 4 views

CVE-2023-52026

TOTOlink EX1800T V9.1.0cu.2112B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnetenabled parameter of the setTelnetCfg interface...

CVSS 9.8, AI score 5.9, EPSS 0.01643
Exploits: 1, References: 1
CNVD
added 2024/01/03 12:0 a.m., 6 views

TOTOLINK EX1800T setWiFiExtenderConfig Interface Command Execution Vulnerability

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T setWiFiExtenderConfig interface, which originates from the apcliAuthMode parameter of the cstecgi.cgi's setWiFiExtenderConfig interface that fai...

CVSS 9.8, AI score 7.8, EPSS 0.0097
Exploits: 1, References: 1