
202 matches found

Nuclei
added yesterday, 6 views

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

CVSS 9.8, AI score 8.3, EPSS 0.76181
Exploits: 0, References: 3
NVD
added 3 days ago, 9 views

CVE-2026-25620

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

CVSS 7, EPSS 0.00222
Exploits: 0, References: 1
Cvelist
added 3 days ago, 21 views

CVE-2026-25620 Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

CVSS 7, EPSS 0.00222
Exploits: 0, References: 1
CVE
added 3 days ago, 13 views

CVE-2026-25620

The CVE-2026-25620 issue affects Arista Edge Threat Management NGFW (Captive Portal) in version 17.4.0 and earlier. It is a command injection vulnerability within the Captive Portal application framework that can be triggered by actions performed via the NGFW UI, requiring administrative access. ...

CVSS 7, AI score 5.5, EPSS 0.00222
Exploits: 0, References: 1
Vulnrichment
added 3 days ago, 5 views

CVE-2026-25620 Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

CVSS 7, AI score 5.5, EPSS 0.00222
Exploits: 0, References: 1
EUVD
added 3 days ago, 7 views

EUVD-2026-34903

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

CVSS 7, AI score 5.5, EPSS 0.00222
Exploits: 0, References: 1
Positive Technologies
added 3 days ago, 7 views

PT-2026-47045

Name of the Vulnerable Software and Affected Versions: Arista Edge Threat Management - Arista Next Generation Firewall NGFW version 17.4.0. Description: An encrypted password command injection vulnerability exists in the Captive Portal application framework. Command injection is a flaw that allows a...

CVSS 7, AI score 5.9, EPSS 0.00222
Exploits: 0, References: 3
Nuclei
added 2026/05/25 4:37 a.m., 39 views

WhatsUp Gold HasErrors SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password. id: CVE-2024-6670 info: name: WhatsUp Gold HasErrors SQL Injection - Authentication Bypass author: DhiyaneshDK,princechaddha severity:...

CVSS 9.8, AI score 7.6, EPSS 0.94468
Exploits: 2, References: 3
EUVD
added 2026/03/11 9:31 p.m., 5 views

EUVD-2019-19738

Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with...

CVSS 8.6, AI score 6.3, EPSS 0.00012
Exploits: 0, References: 5
OSV
added 2026/02/12 11:16 p.m., 2 views

CVE-2019-25340

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

CVSS 7.5, AI score 5.8, EPSS 0.00037
Exploits: 1, References: 3
Vulnrichment
added 2026/02/12 10:48 p.m., 2 views

CVE-2019-25340 SpotAuditor 5.3.2 - 'Base64' Denial Of Service

SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted in...

CVSS 7.5, AI score 5.6, EPSS 0.00037
Exploits: 1, References: 3
Positive Technologies
added 2026/02/12 12:00 a.m., 3 views

PT-2026-7935

SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler SEH...

CVSS 8.4, AI score 6.4, EPSS 0.00029
Exploits: 1, References: 5
Arista
added 2026/02/03 12:00 a.m., 26 views

Security Advisory 0133

Security Advisory 0133 (PDF). Date: February 3, 2026. Revision 1.0 (February 3, 2026): Initial release. Description: Several vulnerabilities exist for the Arista Edge Threat Management - Arista NG Firewall NGFW. On affected platforms, an administrative account logged into...

CVSS 7.2, AI score 5.6, EPSS 0.00222
Exploits: 0
Cvelist
added 2025/12/10 4:50 p.m., 26 views

CVE-2025-67636

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views...

EPSS 0.00215
Exploits: 0, References: 1
CNNVD
added 2025/12/10 12:00 a.m., 1 view

Jenkins Security Vulnerability

Jenkins is an open source application from the Jenkins project: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from a lack of...

CVSS 4.3, AI score 6.6, EPSS 0.00215
Exploits: 0, References: 2
RedhatCVE
added 2025/11/20 9:36 p.m., 1 view

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

CVSS 9.8, AI score 7.1, EPSS 0.83986
Exploits: 3, References: 1
OSV
added 2025/11/19 6:15 p.m., 4 views

CVE-2025-13315

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

CVSS 9.8, AI score 5.8, EPSS 0.83986
Exploits: 3, References: 1
Vulnrichment
added 2025/11/19 5:41 p.m., 2 views

CVE-2025-13315 Unauthenticated log access in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

CVSS 9.3, AI score 6.7, EPSS 0.83986
Exploits: 3, References: 1
Cvelist
added 2025/11/19 5:41 p.m., 408 views

CVE-2025-13315 Unauthenticated log access in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password...

CVSS 9.3, EPSS 0.83986
Exploits: 3, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-1482

Malware in sbrugna...

CVSS 6.8, AI score 6.3, EPSS 0.0055
Exploits: 0, References: 6