114 matches found
Origin Validation Error
Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Origin Validation Error via the Central Browser mode autodiscovery. An attacker can obtain authentication secrets by advertising a malicious Zeroconf service on the same local...
GHSA-VX5F-957P-QPVM Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Summary: In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...
CVE-2023-53948
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST reques...
EUVD-2025-204593
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST reques...
CVE-2023-53948
CVE-2023-53948 affects Lilac-Reloaded for Nagios 2.0.8. The vulnerability is a remote code execution in the autodiscovery feature caused by a lack of input filtering in the nmap_binary parameter, enabling an attacker to inject commands and potentially trigger a reverse shell via a crafted POST re...
CVE-2023-53948 Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery
Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmap_binary parameter to execute a reverse shell by sending a crafted POST reques...
Lilac-Reloaded OS Command Injection Vulnerability
Lilac-Reloaded is a graphical configuration management tool by the individual developer eskyuu. An operating system command injection vulnerability exists in Lilac-Reloaded version 2.0.8, which stems from a lack of input filtering in the autodiscovery feature, and could lead to remote code executio...
PT-2025-52519
Name of the Vulnerable Software and Affected Versions: Lilac-Reloaded for Nagios version 2.0.8. Description: The software contains a remote code execution issue in the autodiscovery feature. Attackers can inject arbitrary commands due to a lack of input filtering in the nmap binary parameter...
EUVD-2020-20380
Malware in sbrugna...
EUVD-2020-7633
Malware in sbrugna...
EUVD-2019-7950
Malware in sbrugna...
EUVD-2020-16791
Malware in sbrugna...
VulnCheck KEV: CVE-2024-45885
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...
MAL-2025-4973 Malicious code in juno-autodiscovery-browser (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis 41d44749dbef196f862f8cab350ac18340a99385cbe96ecb2c13a1eed2603d99 The OpenSSF Package Analysis project identified...
Malicious code in juno-autodiscovery-browser (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis 41d44749dbef196f862f8cab350ac18340a99385cbe96ecb2c13a1eed2603d99 The OpenSSF Package Analysis project identified...
CVE-2020-8654
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...
CVE-2020-24055
Verint 5620PTZ VerintFW042 and Verint 4320 V4320FW023, and V4320FW031 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666. The service is vulnerable to a stack buffer overflow. It is worth noting that this service does not requi...
CVE-2019-17642
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin...