FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

EUVD-2021-17066

Malware in sbrugna...

EUVD-2025-18228

Malicious code in bioql PyPI...

CVE-2025-5491

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...

CVE-2025-5491

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...

CVE-2025-5491 Acer ControlCenter - Remote Code Execution

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...

CVE-2025-5491

Affected product: Acer ControlCenter (Windows). The CVE-2025-5491 entry describes a Remote Code Execution via a misconfigured Windows Named Pipe that uses a custom protocol to invoke internal functions, allowing low-privilege remote users to execute arbitrary code as NT AUTHORITY\SYSTEM and thus ...

CVE-2025-5491 Acer ControlCenter - Remote Code Execution

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...

Acer ControlCenter 安全漏洞

Acer ControlCenter is a system management software from Acer Taiwan, China. A security vulnerability exists in Acer ControlCenter that stems from a misconfiguration of the Windows Naming Pipeline, which could lead to remote code execution...

PT-2025-25374 · Acer · Acer Controlcenter

Name of the Vulnerable Software and Affected Versions: Acer ControlCenter versions prior to 4.00.3058 Description: Acer ControlCenter contains a Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. This Named Pipe ...

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

Design/Logic Flaw

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

CVE-2021-30126

Lightmeter ControlCenter versions 1.1.0–1.5.x before 1.5.1 expose a settings endpoint accessible via a known URL to unauthenticated users, allowing access to application settings and potentially leaking sensitive data (e.g., SMTP password, Slack access token) through a settings HTTP query. Root c...

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...

Lightmeter ControlCenter 安全漏洞

Lightmeter ControlCenter is a Lightmeter open source application . A monitoring and analysis system for Postfix mail servers . A security vulnerability exists in Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1, which stems from the fact that anyone who knows the URL of a publicly...

Phorum 5.1.20 include/controlcenter/users.php Multiple Method Remote Privilege Escalation

No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...

Quick Classifieds 1.0 - controlcenter/userSet.php3 DOCUMENT_ROOT Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...

CVE-2011-3392

Cross-site scripting XSS vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the realname parameter...