9 matches found
CVE-2026-20115
Cisco IOS XE Software for Cisco Meraki contains a vulnerability that could allow a remote, unauthenticated attacker to view confidential device information. The issue stems from a device configuration upload performed over an insecure tunnel, enabling an on-path attacker between the affected devi...
CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation via the configuration file upload process. An attacker with administrative privileges could create datasets with arbitrary names and locations, causing unintended behavior and potentially causing a denial of...
Frauscher Sensortechnik Multiple Products OS Command Injection Vulnerability
Frauscher Sensortechnik FDS102 and others are diagnostic system devices from Frauscher. An operating system command injection vulnerability exists in various Frauscher Sensortechnik products, which stems from improper neutralization of special elements when uploading configuration files, and cou...
CVE-2019-14771
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the...
PT-2023-5302 · Unknown · Modulys Gp
Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K (affected versions not specified). Description: The issue exists due to a lack of protection for the web page structure, allowing a remote attacker to perform cross-site scripting (XSS) attacks. This could enable an...
CVE-2022-3226
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...
PT-2022-5774 · Sophos · Sophos Firewall
Name of the Vulnerable Software and Affected Versions: Sophos Firewall versions prior to 19.5 GA. Description: The issue allows for OS command injection, enabling the execution of code via SSL VPN configuration uploads. This can be exploited by a remote attacker to execute arbitrary code...
CVE-2013-2762
The CVE-2013-2762 issue affects the Schneider Electric Magelis XBT HMI controller and is caused by a default password used for authentication of configuration uploads. This allows remote attackers to bypass access restrictions via crafted configuration data. Exploitation details or existence of i...