37 matches found
PT-2025-32553 · Openfiler · Openfiler
Name of the Vulnerable Software and Affected Versions: Openfiler versions 2.x Description: Openfiler v2.x contains a command injection issue in the system.html page. The device parameter is used to create a NetworkCard object, and its constructor in network.inc calls exec with unsanitized input. ...
CVE-2025-6488
The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
PT-2023-1472 · Wago · Wago Cc100 +3
Name of the Vulnerable Software and Affected Versions: WAGO PFC100/PFC200 versions affected versions not specified WAGO CC100 versions affected versions not specified WAGO Edge Controller versions affected versions not specified WAGO Touch Panel 600 versions affected versions not specified...
SUSE CVE-2003-0289
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 信任管理问题漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a trust management issue vulnerability that stems from the presence of multiple global defaul...
Command Injection
Overview umount is a device in UNIX, do nothing in Windows. Affected versions of this package are vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. PoC var root = require"umount"; var device = '" $touch Song "'; root.umountdevice, function;...
CVE-2011-1086
Cross-site scripting XSS vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter...
CVE-2011-1086
Cross-site scripting XSS vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter...
Openfiler Cross-Site Scripting Vulnerability
Openfiler is an open source network storage solution. A cross-site scripting vulnerability exists in admin / system.html in Openfiler version 2.3, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help of the 'device' parameter...
CVE-2018-18551
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via 1 the UniqueID aka sUniqueID parameter to WrFreeFormText.asp in the Reports component or 2 the Find Device parameter...
CVE-2015-6004
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via 1 the UniqueID aka sUniqueID parameter to WrFreeFormText.asp in the Reports component or 2 the Find Device parameter...
PT-2015-7107 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: 1 the UniqueID also known as sUniqueID parameter to the "WrFreeFormText.as...
CVE-2012-4875
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and...
PT-2011-2779 · Cisco · Ciscoworks Common Services
Name of the Vulnerable Software and Affected Versions: CiscoWorks Common Services versions 3.3 and earlier Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the device parameter in the cwhp/device.center.do API endpoint in t...
cman security, bug fix, and enhancement update
2.0.115-1 - RSA II fencing agent has been fixed. - Resolves: rhbz493802 2.0.114-1 - local variable 'verbosefilename' referenced before assignment has been fixed - RSA II fencing agent has been fixed. - Resolves: rhbz493802 rhbz514758 2.0.113-1 - Limitations with 2-node fencescsi are now properly...