29 matches found
FlatnuX CMS - Directory Traversal
A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...
EUVD-2021-17066
Malware in sbrugna...
EUVD-2025-18228
Malicious code in bioql PyPI...
CVE-2025-5491
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...
CVE-2025-5491
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...
CVE-2025-5491 Acer ControlCenter - Remote Code Execution
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...
CVE-2025-5491 Acer ControlCenter - Remote Code Execution
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One...
CVE-2025-5491
Affected product: Acer ControlCenter (Windows). The CVE-2025-5491 entry describes a Remote Code Execution via a misconfigured Windows Named Pipe that uses a custom protocol to invoke internal functions, allowing low-privilege remote users to execute arbitrary code as NT AUTHORITY\SYSTEM and thus ...
PT-2025-25374 · Acer · Acer Controlcenter
Name of the Vulnerable Software and Affected Versions: Acer ControlCenter versions prior to 4.00.3058 Description: Acer ControlCenter contains a Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. This Named Pipe ...
Acer ControlCenter 安全漏洞
Acer ControlCenter is a system management software from Acer Taiwan, China. A security vulnerability exists in Acer ControlCenter that stems from a misconfiguration of the Windows Naming Pipeline, which could lead to remote code execution...
CVE-2021-30126
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...
CVE-2021-30126
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...
CVE-2021-30126
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...
Design/Logic Flaw
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...
CVE-2021-30126
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query...
CVE-2021-30126
Lightmeter ControlCenter versions 1.1.0–1.5.x before 1.5.1 expose a settings endpoint accessible via a known URL to unauthenticated users, allowing access to application settings and potentially leaking sensitive data (e.g., SMTP password, Slack access token) through a settings HTTP query. Root c...
Lightmeter ControlCenter 安全漏洞
Lightmeter ControlCenter is a Lightmeter open source application . A monitoring and analysis system for Postfix mail servers . A security vulnerability exists in Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1, which stems from the fact that anyone who knows the URL of a publicly...
Phorum 5.1.20 include/controlcenter/users.php Multiple Method Remote Privilege Escalation
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Quick Classifieds 1.0 - controlcenter/userSet.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
CVE-2011-3392
Cross-site scripting XSS vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the realname parameter...