14 matches found
CVE-2020-36909
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...
CVE-2020-36909
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...
CVE-2020-36909 Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read/Write
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...
MAL-2025-172670 Malicious code in aaku-lia-tea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 707693d731a613f7f78c218aae2d24f28bdbccb7b60871d44c7c8a312dcbfe8e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-asinan11-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bba5166dd2777510eced389b179a3acf445cd0f9633a5b4e4a0b2e0eda3eb5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2020-36865
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the BPI Business Process Intelligence component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
EUVD-2020-30806
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the BPI Business Process Intelligence component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2020-36865
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the BPI Business Process Intelligence component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2020-36865
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the BPI Business Process Intelligence component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2020-36865
Nagios XI
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.2 that stems from the Config Management and...
DRUPAL-CONTRIB-2025-093
This module enables you to access an edit page for a config page. The module doesn't sufficiently check the access permissions hookENTITYTYPEaccess wasn't taken into account. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "edit ID config page" an...
PT-2025-2006 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB05 R1B011D88210 Description: A critical issue has been found in the ACL Handler component, specifically affecting an unknown part of the file /goform/form2LocalAclEditcfg.cgi. This issue leads to improper acce...
CVE-2020-7255
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface...