744 matches found

Cvelist
added 2024/11/04 12:0 a.m. | 19 views

CVE-2024-45887

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...

EPSS: 0.02081
Exploits: 0 | References: 2

Cvelist
added 2024/11/04 12:0 a.m. | 18 views

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

EPSS: 0.02081
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/04 12:0 a.m. | 13 views

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

AI score: 7.6 | EPSS: 0.02081
Exploits: 0 | References: 2

CVE
added 2024/11/04 12:0 a.m. | 49 views

CVE-2024-45893

DrayTek Vigor3900, firmware 1.5.1.3, contains a post-authentication command injection vulnerability in CGI path cgi-bin/mainfunction.cgi when the action parameter is set to setSWMOption. This affects the device as described in multiple sources (CVE-2024-45893, Red Hat, NVD, CVE databases) and sho...

CVSS: 8 | AI score: 7 | EPSS: 0.01594
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/04 12:0 a.m. | 46 views

CVE-2024-45885

DrayTek Vigor3900 firmware 1.5.1.3 contains a post-authentication command injection vulnerability triggered by the action parameter in cgi-bin/mainfunction.cgi when set to autodiscovery_clear. The issue is documented across multiple sources (NVD, Red Hat, CIRCL, CNNVD, CVE listings). The vulnerab...

CVSS: 8 | AI score: 7.4 | EPSS: 0.01291
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/04 12:0 a.m. | 57 views

CVE-2024-45884

DrayTek Vigor3900 firmware 1.5.1.3 is affected by a post-authentication command-injection vulnerability. The flaw occurs when the action parameter in /cgi-bin/mainfunction.cgi is set to setSWMGroup, allowing potentially arbitrary commands to be executed after authentication. CVSS v3.1: AV Adjacen...

CVSS: 8 | AI score: 7.4 | EPSS: 0.02081
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/04 12:0 a.m. | 52 views

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 is affected by a post-authentication command injection in cgi-bin/mainfunction.cgi when action=delete_wlan_profile is used. The vulnerability allows arbitrary commands with low privileges after authentication, impacting confidentiality, integrity, and availability (CVSS ...

CVSS: 8 | AI score: 7.4 | EPSS: 0.01291
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/04 12:0 a.m. | 57 views

CVE-2024-45890

CVE-2024-45890 affects DrayTek Vigor3900 (version 1.5.1.3). The vulnerability is a post-authentication command injection caused by lack of neutralization of certain characters in the action parameter to cgi-bin/mainfunction.cgi when action equals download_ovpn. Impact is high (remote command exec...

CVSS: 8 | AI score: 7.4 | EPSS: 0.02081
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/04 12:0 a.m. | 54 views

CVE-2024-45887

DrayTek Vigor3900 firmware 1.5.1.3 contains a post-authentication command injection in cgi-bin/mainfunction.cgi when action is set to doOpenVPN, enabling arbitrary command execution after login. Impact is described as high (complete compromise of confidentiality, integrity, and availability). Mit...

CVSS: 8 | AI score: 7.4 | EPSS: 0.02081
In wild | Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/10/22 9:15 a.m. | 2 views

CVE-2024-9987

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agentsmodulescsv functionality. This issue affects Pandora FMS: from 700 through 777.3...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00408
Exploits: 0 | References: 1

NVD
added 2024/10/22 9:15 a.m. | 21 views

CVE-2024-9987

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agentsmodulescsv functionality. This issue affects Pandora FMS: from 700 through 777.3...

CVSS: 8.8 | EPSS: 0.00408
Exploits: 0 | References: 1

OSV
added 2024/10/22 9:15 a.m. | 4 views

CVE-2024-35308

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through 777.3...

CVSS: 8.8 | AI score: 5.9
Exploits: 0 | References: 1

NVD
added 2024/10/22 9:15 a.m. | 18 views

CVE-2024-35308

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through 777.3...

CVSS: 8.8 | EPSS: 0.00588
Exploits: 0 | References: 1

Cvelist
added 2024/10/22 9:3 a.m. | 14 views

CVE-2024-35308 Post-auth Arbitrary File Read in the Server Plugins Section

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through 777.3...

CVSS: 8.3 | EPSS: 0.00588
Exploits: 0 | References: 1

Vulnrichment
added 2024/10/22 9:3 a.m. | 13 views

CVE-2024-35308 Post-auth Arbitrary File Read in the Server Plugins Section

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through 777.3...

CVSS: 8.3 | AI score: 7.2 | EPSS: 0.00588
Exploits: 0 | References: 1

CVE
added 2024/10/22 9:3 a.m. | 44 views

CVE-2024-35308

CVE-2024-35308 is a post-authentication arbitrary file read vulnerability in Pandora FMS, affecting versions 700 through 777.3. The flaw resides in the server’s plugins section within the plugin edition feature, enabling unauthorized access to server files after authentication. Observed impact (...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00588
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/10/22 9:0 a.m. | 44 views

CVE-2024-9987

CVE-2024-9987 corresponds to a post-authentication SQL injection in Pandora FMS (extensions/agents_modules_csv, filters parameter) affecting versions from 700 up to

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.00408
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/10/22 12:0 a.m. | 1 views

Pandora FMS SQL Injection Vulnerability

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. through visualization. A security vulnerability exists in Pandora FMS that stems from a post-authentication SQL injection vulnerability in the filters...

CVSS: 8.8 | AI score: 8 | EPSS: 0.00408
Exploits: 0 | References: 2

CNNVD
added 2024/10/22 12:0 a.m. | 1 views

Pandora FMS Path Traversal Vulnerability

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. through visualization. A security vulnerability exists in Pandora FMS versions 700 through prior to 777.3 that stems from a post-authentication arbitrary fi...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00588
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/06 12:0 a.m. | 35 views

Zyxel USG FLEX 4.16 < 5.39 Multiple Vulnerabilities

The Firmware version of the Zyxel USG FLEX device is affected by multiple vulnerabilities: - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series...

CVSS: 8.1 | AI score: 6.4 | EPSS: 0.01339
Exploits: 0 | References: 5