226 matches found
CVE-2023-51590 Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. T...
CVE-2023-51590
CVE-2023-51590 affects Voltronic Power ViewPower Pro. The vulnerability is an unrestricted file upload in the UpLoadAction class, caused by insufficient validation of user-supplied data. This allows remote attackers to upload arbitrary files and execute code with LOCAL SERVICE privileges, without...
CVE-2023-51588 Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute...
CVE-2023-51588 Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute...
CVE-2023-51587
CVE-2023-51587 relates to Voltronic Power ViewPower, where the vulnerable component is the getModbusPassword method. The root cause is a lack of authentication before accessing this functionality, enabling remote attackers to disclose stored credentials. The issue is documented across multiple so...
CVE-2023-51587 Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerabilit...
CVE-2023-51587 Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability
Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerabilit...
CVE-2023-51586 Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51586
Voltronic Power ViewPower Pro is affected by a SQL injection in the selectEventConfig method, allowing remote code execution with no authentication. The flaw arises from unsafely using a user-supplied string to construct SQL queries, enabling code execution in the context of LOCAL SERVICE. Docume...
CVE-2023-51586 Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51585 Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that a...
CVE-2023-51584 Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in...
CVE-2023-51584
CVE-2023-51584 affects Voltronic Power ViewPower Pro. The vulnerability is in the shutdown/Shutdown method which exposes a dangerous method, enabling remote code execution in the context of the current user. An attacker must have user interaction (an administrator must trigger the shutdown operat...
CVE-2023-51583
CVE-2023-51583 affects Voltronic Power ViewPower; the flaw is in the UpsScheduler class due to an exposed dangerous method, enabling remote code execution with SYSTEM context. It requires no authentication and is exploitable over the network (per ZDI advisory). The available documents confirm the...
CVE-2023-51583 Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51581 Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51581
CVE-2023-51581 affects Voltronic Power ViewPower, specifically the MacMonitorConsole class, where an exposed dangerous method enables remote code execution with no authentication. The ZDI advisory and NVD/NVD-derived metrics indicate a high-severity, remote code execution vulnerability (CVSSv3.0:...
CVE-2023-51581 Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51579 Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability
Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2023-51579
CVE-2023-51579 affects Voltronic Power ViewPower. Root cause: incorrect permissions on folders in the product installer, enabling local privilege escalation to SYSTEM when an attacker can execute low-privileged code. Exploitation is local with low complexity and no user interaction; no patch/vers...