14 matches found
CVE-2023-37777
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation coul...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-129102)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
CVE-2023-37777
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation coul...
PT-2025-1435 · Unknown · Synnefo Internet Management
Name of the Vulnerable Software and Affected Versions: Synnefo Internet Management Software versions 2023 and earlier Description: A SQL injection issue exists due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input...
CVE-2023-37777
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation coul...
Mitigating Attacks Against Uninterruptable Power Supply Devices
CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergen...
Command Execution Vulnerability in the Enterprise-Side Internet Integrated Management Platform of Beijing Yahong Century Technology Development Co., Ltd.
Beijing Yahong Century Technology Development Co., Ltd. is a high-tech company specializing in Internet spatial data governance, network and information security and data value-added solutions and services. A command execution vulnerability exists in the enterprise-side Internet integrated management platform of Beijing Yahong Century Science and...
Weak Password Vulnerability in RSR Router WEB Management System of Ruijie Networks Co., Ltd.
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other items. A weak password vulnerability exists in the RSR router WEB management system of Ruijie Networks Co., Ltd., which can be exploited by...
Cisco IOS and Cisco IOS XR Resource Management Error Vulnerability
Cisco IOS and Cisco IOS XR are both operating systems developed by Cisco for its network devices. A security vulnerability in DVMRP in Cisco IOS XR Software, which stems from insufficient queue management of Internet Group Management Protocol (IGMP) packets, could allow an attacker to send carefull...
Synnefo Internet Management Software Cross-Site Scripting Vulnerability
Synnefo Internet Management Software (IMS) is a suite of network management software from Synnefo India. A cross-site scripting vulnerability exists in Synnefo IMS 2015 version of synnefoclient, which stems from the packagehistory/listusagesdata URI failing to adequately filter the 'planname '...
CVE-2015-8247
CVE-2015-8247 is a reflected Cross‑Site Scripting (XSS) vulnerability in Synnefo Internet Management Software (IMS) 2015 affecting the synnefoclient. The issue arises in the packagehistory/listusagesdata endpoint via the plan_name parameter, enabling remote attackers to inject arbitrary script/HT...
Websense Proxy Filter Bypass
Websense Proxy Filter Bypass 1. Advisory Information Date published: 2012-11-25 Vendors contacted: Websense Release mode: Coordinated release Vendor was notified 2. Vulnerability Information Class: Filter Bypass Remotely Exploitable: Yes 3. Software Description Internet access management system...
WANGKONGBAO CNS-1000 UTM IPS-FW Directory Traversal
Exploit for hardware platform in category web applications Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The issue ...
WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)
WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal Metasploit Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The...