35 matches found

CVE
added 2025/10/20 5:48 p.m. | 9 views

CVE-2025-47901

Microchip Time Provider 4100 devices are affected by an OS Command Injection due to improper neutralization of special elements. The issue affects Time Provider 4100: before 2.5. The CVSS data indicates remote exploitation over the network with low privileges and no user interaction. Exploitation...

CVSS 8.9 | AI score 6.7 | EPSS 0.00331
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/10/20 5:48 p.m. | 3 views

CVE-2025-47901 RCE on restore configuration password

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection. This issue affects Time Provider 4100: before 2.5...

CVSS 8.9 | AI score 6.7 | EPSS 0.00331
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2006-2751

Malware in sbrugna...

CVSS 6.4 | AI score 6.4 | EPSS 0.00308
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-6607

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01312
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-23412

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00432
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-7604

Malware in sbrugna...

CVSS 7.5 | AI score 7.2 | EPSS 0.09221
Exploits: 0 | References: 18

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-5544

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00259
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/21 12:0 a.m. | 2 views

PT-2025-38667

Name of the Vulnerable Software and Affected Versions: CosmodiumCS OnlyRAT versions prior to 3.3. Description: A vulnerability exists in CosmodiumCS OnlyRAT. The connect/remote upload/remote download function within the main.py file of the Configuration File Handler component is affected. Manipulati...

CVSS 4.5 | AI score 4.9 | EPSS 0.00111
Exploits: 0 | References: 9

CNNVD
added 2025/09/21 12:0 a.m. | 4 views

CosmodiumCS OnlyRAT security vulnerability

CosmodiumCS OnlyRAT is a remote access Trojan by the CosmodiumCS individual developer, primarily used to demonstrate and study how remote control malware works. A security vulnerability exists in CosmodiumCS OnlyRAT 3.2 and earlier versions, which stems from a misuse of the parameter...

CVSS 4.5 | AI score 5.1 | EPSS 0.00111
Exploits: 0 | References: 6

RedhatCVE
added 2025/06/14 2:24 p.m. | 3 views

CVE-2025-49182

Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application...

CVSS 7.5 | AI score 7.6 | EPSS 0.00469
Exploits: 0 | References: 1

CVE
added 2025/06/12 1:15 p.m. | 41 views

CVE-2025-49182

CVE-2025-49182 involves credential disclosure where login credentials for the admin user and property configuration password are stored in source code, potentially giving an attacker full access to affected SICK Field Analytics and SICK Media Server products. Public sources consistently describe ...

CVSS 9.8 | AI score 7.3 | EPSS 0.00469
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/05/23 12:4 a.m. | 5 views

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 | AI score 6.6 | EPSS 0.00101
Exploits: 0 | References: 1

NVD
added 2025/05/09 6:15 a.m. | 11 views

CVE-2025-4375

Cross-Site Request Forgery (CSRF) vulnerability in Sparx Systems Pro Cloud Server allows Cross-Site Request Forgery to perform Session Hijacking. Cross-Site Request Forgery is present at the whole application but it can be used to change the Pro Cloud Server Configuration password. This issue affec...

CVSS 6.9 | EPSS 0.00202
Exploits: 0 | References: 1

CVE
added 2025/05/09 5:12 a.m. | 49 views

CVE-2025-4375

Sparx Systems Pro Cloud Server versions earlier than 6.0.165 are vulnerable to a CSRF flaw that can lead to session hijacking and may be used to change the Pro Cloud Server Configuration password. Multiple connected advisories corroborate this vulnerability affecting the product as a whole; Red H...

CVSS 6.9 | AI score 6.6 | EPSS 0.00202
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/17 2:49 p.m. | 3 views

CVE-2025-1688

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

CVSS 5.5 | AI score 7.1 | EPSS 0.00097
Exploits: 0 | References: 3

Cvelist
added 2025/04/15 10:13 a.m. | 10 views

CVE-2025-1688 System configuration password reset

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

CVSS 5.5 | EPSS 0.00097
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/15 10:13 a.m. | 4 views

CVE-2025-1688 System configuration password reset

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...

CVSS 5.5 | AI score 7.2 | EPSS 0.00097
Exploits: 0 | References: 1

CVE
added 2025/04/15 10:13 a.m. | 71 views

CVE-2025-1688

CVE-2025-1688 affects Milestone XProtect installer behavior where upgrading from older versions using 2024 R1/R2 installers resets the Management Server’s system configuration password. The vulnerability is triggered during upgrade processes and could bypass password protection, potentially impac...

CVSS 5.5 | AI score 7 | EPSS 0.00097
Exploits: 0 | References: 1

NVD
added 2024/03/18 9:15 p.m. | 13 views

CVE-2024-23333

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9 | AI score 7.8 | EPSS 0.05756
Exploits: 0 | References: 2

OSV
added 2024/03/18 9:15 p.m. | 3 views

DEBIAN-CVE-2024-23333

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 6.6 | AI score 7.7 | EPSS 0.05756
Exploits: 0 | References: 1