CVE-2025-40942

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.4. Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges...

CVE-2025-40942

CVE-2025-40942 affects TeleControl Server Basic prior to version 3.1.2.4. The issue is a local privilege escalation that could allow an attacker to execute arbitrary code with elevated privileges on the affected software. Remediation consistently cited across sources is to update TeleControl Serv...

siemens TeleControl Server Basic 安全漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. A security vulnerability exists in siemens TeleControl Server Basic versions prior to V3.1.2.4, which stems from a local elevation of privilege vulnerability that could lead to the execution of arbitrary co...

PT-2026-2353

Name of the Vulnerable Software and Affected Versions TeleControl Server Basic versions prior to 3.1.2.4 Description The application contains a local privilege escalation issue that could allow an attacker to execute arbitrary code with elevated privileges. Recommendations Update TeleControl Serv...

Siemens TeleControl Server Basic

SUMMARY TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version. 2...

MiracleLinux 9 : php:8.2 (AXSA:2025-10480:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10480:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

MiracleLinux 9 : php:8.1 (AXSA:2025-9901:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9901:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

MiracleLinux 9 : php-8.0.30-3.el9_6 (AXSA:2025-10450:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10450:05 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...

MiracleLinux 9 : php:8.3 (AXSA:2025-10557:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10557:01 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth...

CVE-2025-69271

CVE-2025-69271 affects Broadcom DX NetOps Spectrum (Windows and Linux) up to version 24.3.13. The issue is described as insufficiently protected credentials that enable sniffing attacks. Multiple sources in connected documents corroborate the affected product and versions. Practical impact center...

PT-2026-3440

Name of the Vulnerable Software and Affected Versions Totolink LR350 version 9.3.5u.6369 B20220309 Description A flaw exists in the setWiFiBasicCfg function within the /cgi-bin/cstecgi.cgi file of the affected software. This issue is a buffer overflow that occurs when processing the ssid paramete...

CVE-2023-29168

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication...

CVE-2009-4839

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...

CVE-2009-4837

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE before 1.4.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 sig1 parameter to base/baseqrymain.php, or the time01 parameter to 2 base/basestatalerts.php or 3...

CVE-2009-4838

SQL injection vulnerability in baseagcommon.php in Basic Analysis and Security Engine BASE before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information...

CVE-2021-22817

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series All Versions, Vijeo Designer All Versions prior to V6.2 SP11 Multiple HotFix 4,...

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVE-2022-37175

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet...

CVE-2022-37185

SQL injection vulnerability exists in the school information query interface repschoolproj.php of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage...

CVE-2019-11367

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...