12 matches found
CVE-2026-25108
Soliton Systems K.K. FileZen contains an OS command injection vulnerability (CVE-2026-25108) exploitable when the Antivirus Check Option is enabled. An authenticated user can issue a crafted HTTP request to execute arbitrary OS commands. Affected versions include FileZen 4.2.1–4.2.8 and 5.0.0–5.0...
Mahara Security Vulnerability
Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4 that stems from a learning tool interoperability login that could result in elevated privileges...
Input validation
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...
PT-2024-2300 · Hikvision · Hikcentral Professional
Name of the Vulnerable Software and Affected Versions: HikCentral Professional (affected versions not specified). Description: The issue is related to insufficient server-side validation, allowing an attacker with login privileges to access certain resources by changing parameter values. This could...
CVE-2020-26194
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic...
Arbitrary File Upload Vulnerability in Metadata Platform (MetaCube) of Puyuan Information Technology Co.
Metadata Platform (MetaCube) of Puyuan Information Technology Co., Ltd. is a tool that supports enterprises in establishing a metadata management system. An arbitrary file upload vulnerability exists in the MetaCube platform of Puyuan Information Technology Co. An attacker can exploit the vulnerability to...
HPE iLO 4 < 2.53 - Add New Administrator User
#!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...
PgBouncer Security Vulnerability
PgBouncer is a lightweight set of database connection pooling tools for PostgreSQL; it can provide a unified view of the links to the client. A security vulnerability exists in version 1.6.x of PgBouncer prior to 1.6.1. A remote attacker can exploit this vulnerability to gain login privileges...
Rockwell Automation Integrated Architecture Builder Arbitrary Code Execution Vulnerability
Rockwell Automation Integrated Architecture Builder (IAB) is a Logix-based automation system for configuring industrial control systems used in Rockwell Automation. An arbitrary code execution vulnerability exists in Rockwell Automation IAB. The vulnerability can be exploited by an attacker to...
MySQL 3.20.32/3.22.x/3.23.x Null Root Password Weak Default Configuration Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/5503/info MySQL is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration problem has been reported in the Windows bina...
MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration (2)
source: https://www.securityfocus.com/bid/5503/info MySQL is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration problem has been reported in the Windows binary release of MySQL. Reportedly,...
MySQL 3.20.32/3.22.x/3.23.x - Null Root Password Weak Default Configuration (1)
source: https://www.securityfocus.com/bid/5503/info MySQL is an open source relational database project, and is available for a number of operating systems, including Microsoft Windows. A weak default configuration problem has been reported in the Windows binary release of MySQL. Reportedly,...