14 matches found
CVE-2024-32008
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...
CVE-2024-32009
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges...
CVE-2024-32011
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application use...
CVE-2024-32010
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run...
EUVD-2024-29852
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...
CVE-2024-32014
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...
CVE-2024-32014
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...
CVE-2024-32011
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application use...
CVE-2024-32011
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application use...
EUVD-2024-29847
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges...
CVE-2024-32008
Spectrum Power 4 (all versions
CVE-2024-32008
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user...
CVE-2022-23312
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP9 Security Patch 1. The integrated web application "Online Help" in affected product contains a Cross-Site Scripting XSS vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious...
CVE-2022-23312
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP9 Security Patch 1. The integrated web application "Online Help" in affected product contains a Cross-Site Scripting XSS vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious...