34 matches found
EUVD-2021-10373
Malware in sbrugna...
EUVD-2021-10379
Malware in sbrugna...
EUVD-2021-10374
Malware in sbrugna...
EUVD-2021-10376
Malware in sbrugna...
EUVD-2021-10381
Malware in sbrugna...
EUVD-2021-10371
Malware in sbrugna...
EUVD-2021-10375
Malware in sbrugna...
EUVD-2020-27799
Malware in sbrugna...
CVE-2021-23282
CVE-2021-23282 affects Eaton Intelligent Power Manager (IPM) versions prior to 1.70. The issue is a stored cross-site scripting vulnerability caused by insufficient validation of input from certain resources in the IPM software. Exploitation requires access to the local subnet and administrator i...
VulnCheck KEV: CVE-2018-12031
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...
Eaton Intelligent Power Manager 跨站脚本漏洞
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A security vulnerability exists in Eaton Intelligent Power Manager Infrastructure IPM Infrastructure versio...
Eaton Intelligent Power Manager (IPM) < 1.69 Multiple Vulnerabilities (ETN-VA-2021-1000)
The version of Eaton Intelligent Power Manager installed on the remote Windows host is prior to 1.69. It is, therefore, affected multiple vulnerabilities: - Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improp...
Eaton Intelligent Power Manager Eval Injection Vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...
Eaton Intelligent Power Manager SQL Injection Vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An SQL injection vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, which is...
Eaton Intelligent Power Manager Remote Code Execution Vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A remote code execution vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, whi...
Eaton Intelligent Power Manager Arbitrary File Deletion Vulnerability
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An arbitrary file deletion vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69,...
CVE-2021-23281
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in metadriversrv.js class. Attackers can send a specially crafted packet to make IPM connect to rou...
CVE-2021-23280
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s mapssrv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a speciall...
CVE-2021-23276
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base...
CVE-2021-23277
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...