113 matches found
EUVD-2024-33224
Malicious code in bioql PyPI...
EUVD-2022-40725
Malicious code in bioql PyPI...
EUVD-2021-33938
Malicious code in bioql PyPI...
Sangoma FreePBX Authentication Bypass Vulnerability
Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution...
FreePBX 安全漏洞
FreePBX formerly known as Asterisk Management Portal is a suite of tools from the FreePBX project for configuring Asterisk an IP telephony system via a GUI web-based graphical interface. A security vulnerability exists in FreePBX version 15.0.66 and versions prior to 17.0.3, which stems from...
CVE-2025-7752
A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql injection. The attack may be launched remotely...
The vulnerability of the handle_request function in the ASUS GT-AC2900 router allows a hacker to gain unauthorized access to the administrator interface.
The vulnerability of the handlerequest function in ASUS GT-AC2900 routers is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the administrator interface...
CVE-2021-23896
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security DBSec prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to...
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure 9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting...
CVE-2002-2345
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access...
The vulnerability of the administrator’s user interface function “Configuration XML” of the Continuous Integration and Delivery (CI/CD) GoCD system allows a perpetrator to increase their privileges.
The vulnerability of the “Configuration XML” user interface function in the Continuous Integration and Delivery CI/CD GoCD system is related to improper authentication. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...
CVE-2024-10653
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server...
CVE-2024-10651
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files...
CVE-2024-10653 CHANGING Information Technology IDExpert - OS Command Injection
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server...
CVE-2024-10653 CHANGING Information Technology IDExpert - OS Command Injection
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server...
CVE-2024-10651 CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files...
CHANGING IDExpert 操作系统命令注入漏洞
CHANGING IDExpert is an authentication system based on zero trust and integrating various mechanisms such as FIDO, biometrics, MFA, etc. from China-based CHANGING. An operating system command injection vulnerability exists in CHANGING IDExpert versions 2.6.1 through 2.8.1.240620, which originates...
CVE-2023-44279
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a...
Dell PowerProtect Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain, which stems from an administrator command line...
PT-2023-29186 · Dell · Dell Powerprotect Dd
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect DD versions prior to 7.13.0.10 Dell PowerProtect DD LTS versions prior to 7.7.5.25 Dell PowerProtect DD LTS versions prior to 7.10.1.15 Dell PowerProtect DD version 6.2.1.110 Description: The issue concerns an OS command...