29 matches found
CVE-2025-66238
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...
CVE-2025-66237
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...
CVE-2025-66238
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...
CVE-2025-66237
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...
CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...
CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine...
CVE-2025-66237 Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host...
CVE-2025-66237
CVE-2025-66237 affects Sunbird DCIM dcTrack and related platforms, where default and hard-coded credentials enable an authenticated attacker to administer the database, escalate privileges on the platform, or execute system commands on the host. Multiple sources confirm the existence of hard-code...
Sunbird DCIM dcTrack 信任管理问题漏洞
Sunbird DCIM dcTrack is an asset monitoring management software from Sunbird DCIM, Inc. A trust management issue vulnerability exists in Sunbird DCIM dcTrack that stems from the use of default and hard-coded credentials, which could lead to database management or system command execution...
CVE-2024-37776
A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
CVE-2024-37773
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...
CVE-2024-37775
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...
CVE-2024-37776
A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
CVE-2024-37775
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...
CVE-2024-37776
A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...
CVE-2024-37773
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...
CVE-2024-37773
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...
CVE-2024-37775
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...
CVE-2024-37775
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check...
CVE-2024-37773
CVE-2024-37773 describes an HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 . Authenticated administrators can inject arbitrary HTML into an admin screen, potentially affecting the admin UI. The vulnerability is described with a CVSS v3.1 base score of 4.8 (Medium) , with network attac...