The vulnerability of the GetLogs method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems of the TeleControl Server Basic allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetLogs method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

CVE-2025-32866

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetLogs' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write t...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an SQL injection in the GetLogs method, which can be exploited by an attacker to bypass authorization contro...

CVE-2021-39244

Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...

多款Altus Sistemas de Automacao设备信任管理问题漏洞

Altus Sistemas de Automacao Nexto NX30xx, among others, is an industrial automation device from Brazilian company Altus Sistemas de Automacao. A security vulnerability exists in several Altus Sistemas de Automacao devices, which stems from the presence of hard-coded .htaccess credentials for...

CVE-2020-8429

The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs...

CVE-2018-11077

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...

The vulnerability of the uploadTelemetry and getLogs functions of the Media Server component in the Seagate Personal Cloud software, allowing a hacker to execute arbitrary commands.

The vulnerability of the uploadTelemetry and getLogs functions /usr/lib/djangohost/seagatemediaserver/views.py of the Media Server component of the software-defined networking storage device Seagate Personal Cloud relates to the absence of measures to neutralize special elements used in commands...

CVE-2018-5347

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...

CVE-2018-5347

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...