VulnCheck KEV: CVE-2012-2626
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action...
CVE-2024-32846
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution...
PT-2024-26998 · Swissphone · Swissphone Dical-Red 4009
Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 affected versions not specified Description: The issue allows a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
CVE-2024-39569
A vulnerability has been identified in SINEMA Remote Connect Client (all versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server-side input sanitization when loading VPN configurations. This could allow an administrative remote attacker...
PT-2024-5080 · Siemens · Sinema Remote Connect Client
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 HF1 Description: A vulnerability has been identified in the system service of affected applications, which is vulnerable to command injection due to missing server-side input sanitation when...
CVE-2024-31161
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system...
PT-2024-30231
Name of the Vulnerable Software and Affected Versions: HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) affected versions not specified Description: The system configuration interface of HGiga iSherlock fails to filter special characters in certain function parameters, allowing...
PT-2024-21877 · Planet · Planet Igs-4215-16T2S
Name of the Vulnerable Software and Affected Versions: Planet IGS-4215-16T2S version 1.305b210528 Description: The issue is related to an information exposure vulnerability. It could allow a remote attacker to access some administrative resources due to the lack of proper management of the Switch...
CVE-2024-22397
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code...
PT-2024-19390 · Sonicwall · Sonicwall Email Security Appliance
Name of the Vulnerable Software and Affected Versions: SonicWall Email Security Appliance affected versions not specified Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a Path Traversal vulnerability. This could allow a remote...
PT-2024-21660 · Omron · Machine Automation Controller Nj Series +1
Name of the Vulnerable Software and Affected Versions: Machine Automation Controller NJ Series affected versions not specified Machine Automation Controller NX Series affected versions not specified Description: A path traversal vulnerability exists, allowing an arbitrary file in the affected...
CVE-2023-32333
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073...
PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic
Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic version 5.3 Description: The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can b...
CVE-2023-6448
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system...
Devellion CubeCart Security Breach
Devellion CubeCart is a free and open source e-commerce shopping cart software from the company of Devellion UK. The software supports selling products, adding/editing products or images in an online store, etc. A security vulnerability exists in Devellion CubeCart versions prior to 6.5.3, which...
Nokia G-040W-Q Security Vulnerability
Nokia G-040W-Q is a modem from Nokia of Finland. A security vulnerability exists in Nokia G-040W-Q, which arises from insufficient filtering of user input. A remote attacker with administrator privileges can use this vulnerability to conduct a command injection attack to execute arbitrary command...
CVE-2023-4089
On affected Wago products, a remote attacker with administrative privileges can access files to which they already have access through an undocumented local file inclusion. This access is logged in a different log file than expected...
PT-2023-6373 · Wago · Wago
Name of the Vulnerable Software and Affected Versions: Wago products affected versions not specified Description: The issue allows a remote attacker with administrative privileges to access files through an undocumented local file inclusion. This access is logged in a different log file than...
PT-2023-21064 · Netapp · Snapcenter
Name of the Vulnerable Software and Affected Versions: SnapCenter versions 4.8 through 4.9 Description: The issue allows an authenticated SnapCenter Server user to potentially become an admin user on a remote system where a SnapCenter plug-in has been installed. Recommendations: For SnapCenter...
PT-2023-5067 · Microsoft · Azure Kubernetes Service
Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service affected versions not specified Description: The issue is related to insufficient access controls in the Microsoft Azure Kubernetes Service, which can be exploited by a remote attacker to elevate their...