18 matches found
CVE-2026-29522
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
EUVD-2026-12520
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
CVE-2026-29522
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
CVE-2026-29522
CVE-2026-29522 affects ZwickRoell Test Data Management prior to version 3.0.8. A local file inclusion (LFI) vulnerability exists in /server/node_upgrade_srv.js that allows an unauthenticated attacker to supply directory traversal sequences via the firmware parameter to access arbitrary server fil...
CVE-2026-29522
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
CVE-2026-29522 ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
CVE-2026-29522 ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI
ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion LFI vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...
PT-2026-25816
Name of the Vulnerable Software and Affected Versions ZwickRoell Test Data Management versions prior to 3.0.8 Description The software contains a local file inclusion issue in the /server/node upgrade srv.js endpoint. An attacker can provide directory traversal sequences through the firmware...
CVE-2018-12031
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-55588
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fwip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-55588
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fwip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
eCharge Hardy Barth Salia PLCC 代码问题漏洞
The eCharge Hardy Barth Salia PLCC is a charging post controller from eCharge Germany. A code issue vulnerability exists in eCharge Hardy Barth Salia PLCC version 2.2.0, which stems from an incorrect manipulation of the parameter media in the file /firmware.php resulting in an unrestricted upload...
TOTOLINK CA300-PoE 安全漏洞
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. TOTOLINK CA300-PoE has a command injection vulnerability, the vulnerability stems from the recvUpgradeNewFw function fwUrl parameter fails to correctly filter the construction of the command special characters,...
Eaton Intelligent Power Manager File Containment Vulnerability
Eaton Intelligent Power Manager is a tool from Eaton Corporation of America for monitoring and managing power in house or virtual environments. A security vulnerability exists in Eaton Intelligent Power Manager version 1.6. The vulnerability can be exploited by an attacker with the 'firmware'...
Directory traversal
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...
CVE-2018-12031
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...
CVE-2018-12031
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...