Lucene search
K

178 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40844

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS6.2AI score0.03074EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40845

Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...

10CVSS6.2AI score0.03081EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40846

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40459

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40458

Storage Concentrator SC & SCVM is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser...

6.1CVSS5.8AI score0.00236EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56415

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS0.03074EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-56413

Storage Concentrator SC & SCVM contains a command injection vulnerability in the msservice.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a...

10CVSS0.03081EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-50110

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3CVSS0.00128EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-50040

Storage Concentrator SC & SCVM is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser...

6.1CVSS0.00236EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:54 p.m.18 views

CVE-2026-50110

The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM) that contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...

9.3CVSS5.8AI score0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:54 p.m.26 views

CVE-2026-50110 Use of Hard-coded Credentials in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3CVSS0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:50 p.m.21 views

CVE-2026-56413

CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...

10CVSS6.2AI score0.03081EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:40 p.m.24 views

CVE-2026-56415 OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS0.03074EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:40 p.m.36 views

CVE-2026-56415

The vulnerability CVE-2026-56415 affects the Storage Concentrator (SC & SCVM). The issue is a command injection in the debug.pl script that is reachable without authentication. A remote attacker can send a crafted HTTP request containing a malicious payload which is processed without proper input...

10CVSS6.2AI score0.03074EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:36 p.m.5 views

CVE-2026-55721

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:36 p.m.24 views

CVE-2026-55721 SQL Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS0.00406EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:36 p.m.18 views

CVE-2026-55721

The CVE-2026-55721 entry describes a SQL injection vulnerability in StoneFly Storage Concentrator (SC & SCVM). The issue arises when cookie values are processed by login.pl and debug.pl, with the cookie data directly embedded into database queries without proper sanitization. This allows an unaut...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:27 p.m.28 views

CVE-2026-50040 Cross-site Scripting in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser...

6.1CVSS0.00236EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:27 p.m.7 views

CVE-2026-50040

Storage Concentrator SC & SCVM is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser...

6.1CVSS5.8AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54015

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description Reflected cross-site scripting occurs because unsanitized content is echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References5
Rows per page
Query Builder