23 matches found
EUVD-2026-4688
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/getInformation of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead...
CVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
CVE-2025-15499
A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...
CVE-2025-15500
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...
CVE-2025-15502
The CVE-2025-15502 entry affects Sangfor Operation and Maintenance Management System up to version 3.0.8. The vulnerability lies in the SessionController function at /isomp-protocol/protocol/session, where manipulating the Hostname argument enables OS command injection. It is exploitable remotely...
Sangfor Operation and Maintenance Management System 代码问题漏洞
Sangfor Operation and Maintenance Management System is an operation and maintenance management system from Sangfor. A code issue exists in Sangfor Operation and Maintenance Management System 3.0.8 and earlier versions, which is caused by incorrect manipulation of the File parameter in the file...
CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection
A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...
CVE-2025-15501 Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection
A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack...
CVE-2025-15499
A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...
CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...
CVE-2025-15500
The CVE-2025-15500 entry describes a remote OS command injection in Sangfor Operation and Maintenance Management System (versions up to 3.0.8) via the HTTP POST Request Handler, specifically manipulating the sessionPath parameter for /isomp-protocol/protocol/getHis. Exploitation is public. Affect...
CVE-2025-15499 Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection
A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. Th...
CVE-2022-26104
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message...
EUVD-2022-30672
Malicious code in bioql PyPI...
EUVD-2023-50381
Malicious code in bioql PyPI...
Logic Flaw Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of IT intelligent security operation and maintenance, data governance, security services and other fields in China. A logic flaw exists in the...
SAP Financial Consolidation Access Control Error Vulnerability
SAP Financial Consolidation is a financial statement solution from SAP Germany. The SAP Financial Consolidation access control error vulnerability, which stems from the program's failure to perform the authorization checks required to update home page messages, could be exploited to cause an...
CVE-2022-26104
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message...
CVE-2022-26104
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message...
Authorization
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message...