49 matches found
Invigo Automatic Device Management Arbitrary OS Command Injection Vulnerability
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...
CVE-2020-10579
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application...
CVE-2020-10582
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
CVE-2020-10582
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
CVE-2020-10581
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application...
CVE-2020-10584
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
CVE-2020-10584
A directory traversal on the /admin/searchby.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application...
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
CVE-2020-10579
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application...
CVE-2020-10581
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...
CVE-2020-10583
The /admin/admapi.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application...
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
Directory traversal
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application...
Sql injection
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
Session fixation
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...
CVE-2020-10579
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application...
CVE-2020-10579
The CVE-2020-10579 vulnerability affects Invigo Automatic Device Management (ADM) up to and including version 5.0, in the /admin/sysmon.php script. A directory traversal flaw allows remote attackers to list contents of arbitrary server directories accessible to the application user, enabling disc...
CVE-2020-10580
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...
CVE-2020-10580
The CVE-2020-10580 entry describes a command injection in Invigo Automatic Device Management (ADM) via the /admin/broadcast.php script, affecting ADM versions through 5.0. The underlying flaw enables remote authenticated attackers to execute arbitrary PHP code on the server as the application use...