7 matches found
CVE-2023-7305 SmartBI RMIServlet Unrestricted File Upload RCE
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...
PT-2024-25996 · Sunhillo · Sunhillo Sureline
Name of the Vulnerable Software and Affected Versions: Sunhillo SureLine versions through 8.10.0 Description: The issue allows for cgi/usrPasswd.cgi userid change XSS within the Forgot Password feature. This can be exploited through the /cgi/usrPasswd.cgi endpoint, specifically targeting the user...
CVE-2023-27521
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command...
PT-2023-21420 · Unknown · Solarview Compact Sv-Cpt-Mc310
Name of the Vulnerable Software and Affected Versions: SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 SolarView Compact SV-CPT-MC310F versions prior to Ver.8.10 Description: The issue is related to improper access control in the system date/time setting page, allowing a remote...
Contec SolarView Compact 操作系统命令注入漏洞
Contec SolarView Compact is an application system from Contec Japan. It provides measurement system for photovoltaic power generation. A security vulnerability exists in Contec SolarView Compact SV-CPT-MC310 Ver.8.10 prior and SV-CPT-MC310F Ver.8.10 prior, which stems from the presence of an...
Critical Flaws Affecting GE's Universal Relay Pose Threat to Electric Utilities
The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of critical security shortcomings in GE's Universal Relay UR family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain...
Gallagher Group Command Centre SQL Injection Vulnerability
Gallagher Group Command Centre is a centralized control tool for Gallagher access control systems from Gallagher Group New Zealand. A SQL injection vulnerability exists in Gallagher Group Command Centre, which can be exploited by a remote attacker to execute arbitrary SQL against a third-party...