22 matches found

OSV
added 2026/05/13 3:29 p.m., 2 views

GHSA-HVX9-HWR7-WJJ9 Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

Summary: On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...

7.8 CVSS, 6.3 AI score, 0.00055 EPSS
Exploits: 0, References: 3
CVE
added 2026/01/15 3:52 p.m., 4 views

CVE-2021-47771

Affected software: RDP Manager 4.9.9.3. Vulnerability: denial-of-service via malformed input fields in the connection configuration, specifically Verbindungsname and Server, allowing a local attacker to freeze/crash the application and potentially require full reinstallation. Root cause: input fi...

6.8 CVSS, 6.1 AI score, 0.00011 EPSS
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/10/29 3:19 p.m., 2 views

CVE-2025-34304

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

7.1 CVSS, 7.4 AI score, 0.00029 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/28 3:30 p.m., 1 views

EUVD-2025-36510

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

7.1 CVSS, 6.9 AI score, 0.00029 EPSS
Exploits: 0, References: 4
OSV
added 2025/10/28 3:16 p.m., 0 views

CVE-2025-34304

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

6.5 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/10/28 2:37 p.m., 5 views

CVE-2025-34304 IPFire < v2.29 SQL Injection via OpenVPN Connection Logs

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

7.1 CVSS, 0.00029 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/10/28 2:37 p.m., 2 views

CVE-2025-34304 IPFire < v2.29 SQL Injection via OpenVPN Connection Logs

IPFire versions prior to 2.29 Core Update 198 contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTIONNAME parameter. When viewing a range of OpenVPN connection logs, the application issues...

7.1 CVSS, 7 AI score, 0.00029 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/10/28 12:00 a.m., 3 views

IPFire Security Vulnerability

IPFire is an open source Linux distribution from the IPFire organization. It is primarily used as a router and firewall. A security vulnerability exists in IPFire versions prior to 2.29 that stems from insufficient cleaning and escaping of the CONNECTIONNAME parameter, which could lead to an SQL...

7.1 CVSS, 7.6 AI score, 0.00029 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2009-1261

Malware in sbrugna...

7.2 CVSS, 6.4 AI score, 0.00076 EPSS
Exploits: 0, References: 11
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-10588

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.00373 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2025/05/22 3:56 p.m., 21 views

CVE-2020-18664

Cross Site Scripting (XSS) vulnerability in WebPort =1.19.1 via the connection name parameter in type-conn...

5.4 CVSS, 5.9 AI score, 0.00373 EPSS
Exploits: 1
RedhatCVE
added 2025/03/28 1:27 a.m., 10 views

CVE-2025-29322

A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages...

4.6 CVSS, 6.2 AI score, 0.00456 EPSS
Exploits: 0, References: 1
CVE
added 2025/03/26 12:00 a.m., 54 views

CVE-2025-29322

ScriptCase CVE-2025-29322 describes a cross-site scripting (XSS) vulnerability in ScriptCase prior to v1.0.003 – Build 3. The issue allows an attacker to execute arbitrary code through a crafted payload entered in the Connection Name field on the New Connection and Rename Connection pages. The CV...

4.6 CVSS, 6.3 AI score, 0.00456 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 5:50 a.m., 1 views

SUSE CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute...

6.9 CVSS, 8.6 AI score, 0.00087 EPSS
Exploits: 1, References: 3
OSV
added 2021/06/24 4:15 p.m., 0 views

CVE-2020-18664

Cross Site Scripting (XSS) vulnerability in WebPort =1.19.1 via the connection name parameter in type-conn...

5.4 CVSS, 5.8 AI score, 0.00373 EPSS
Exploits: 1, References: 2
Prion
added 2021/06/24 4:15 p.m., 8 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in WebPort =1.19.1 via the connection name parameter in type-conn...

3.5 CVSS, 5.3 AI score, 0.00373 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/06/24 3:29 p.m., 11 views

CVE-2020-18664

Cross Site Scripting (XSS) vulnerability in WebPort =1.19.1 via the connection name parameter in type-conn...

5.3 AI score, 0.00373 EPSS
Exploits: 1, References: 2
CNNVD
added 2021/06/24 12:00 a.m., 2 views

WebPort Cross-Site Scripting Vulnerability

WebPort is a remote access and preventive maintenance device. It enables access to control system data and devices. A security vulnerability exists in WebPort =1.19.1 that stems from an xss vulnerability via the connection-name parameter in type-conn...

5.4 CVSS, 5.8 AI score, 0.00373 EPSS
Exploits: 1, References: 2
Exploit DB
added 2016/08/05 12:00 a.m., 35 views

zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow

Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: zFTP Client Affected value: NAME under FTP connection Where in the code: Line 30 in strcpychk.c strcpychk dest=0xb7f811c0 "/KUIP", src=0xb76a6680 "/MACRO",...

7 AI score
Exploits: 0
0day.today
added 2016/08/05 12:00 a.m., 35 views

zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow

Exploit for linux platform in category local exploits Program affected: zFTP Client Affected value: NAME under FTP connection Where in the code: Line 30 in strcpychk.c strcpychk dest=0xb7f811c0 "/KUIP", src=0xb76a6680 "/MACRO", destlen=0x50 at strcpychk.c:30 Version: 20061220+dfsg3-4.1 Tested and...

6.8 AI score
Exploits: 0