40 matches found
CVE-2017-6900
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68915
Riello UPS NetMan 208 Application prior to 1.12 is affected by a cross-site scripting (XSS) vulnerability in the CGI script cgi-bin/loginbanner_w.cgi, exploitable via a crafted banner. The issue arises from the loginbanner_w.cgi component and can lead to script execution within the context of the...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
PT-2025-53345
Name of the Vulnerable Software and Affected Versions Riello UPS NetMan 208 Application versions prior to 1.12 Description The Riello UPS NetMan 208 Application is affected by a SQL injection issue in the cgi-bin/login.cgi script. Specifically, the username parameter is susceptible to SQL injecti...
PT-2025-53346
Name of the Vulnerable Software and Affected Versions Riello UPS NetMan 208 Application versions prior to 1.12 Description The Riello UPS NetMan 208 Application, before version 1.12, contains a cross-site scripting XSS issue in the cgi-bin/loginbanner w.cgi component. This allows for the injectio...
EUVD-2017-15954
Malware in sbrugna...
EUVD-2024-49451
Malicious code in bioql PyPI...
CVE-2024-8877
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05...
CVE-2024-8878
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05...
VulnCheck KEV: CVE-2024-8877
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05...
CVE-2024-8877
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05...