19 matches found
PT-2025-32368
Name of the Vulnerable Software and Affected Versions: Inverter (affected versions not specified). Description: The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This may allow an attacker with access to a loca...
CVE-2025-24843 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control
Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data...
[SECURITY] [DLA 3953-1] icinga2 security update
Debian LTS Advisory DLA-3953-1 | https://www.debian.org/lts/security/ | Daniel Leidert | November 16, 2024 | https://wiki.debian.org/LTS | Package: icinga2 | Version: 2.12.3-1+deb11u1 | CVE ID: CVE-2021-32739 CVE-2021-32743 CVE-2021-37698 CVE-2024-49369 | Debian Bug: 991494 108738...
Design/Logic Flaw
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...
Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized...
Advantech R-SeeNet
1. EXECUTIVE SUMMARY: CVSS v3 8.8 | ATTENTION: Low attack complexity | Vendor: Advantech | Equipment: R-SeeNet | Vulnerabilities: SQL Injection, Improper Privilege Management. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow authenticated users to perform a local privilege...
Philip Ulrich GramAddict Code Injection Vulnerability
Philip Ulrich GramAddict is an application from Canary Philip Ulrich USA. It provides for building network monitoring solutions. A security vulnerability exists in GramAddict that could allow remote attackers to execute arbitrary code through the use of the UIAutomator2 and ATX agents...
CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform Monitoring Application, before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery...
CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform Monitoring Application, before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery...
Razer: Accessible Druid Monitor console on https://api.pay-staging.razer.com/
The tester discovered a monitoring application was available on a remotely accessible administrative console in the Razer Pay staging environment, which could have been used to leverage information that could have compromised the server. The Razer Pay team removed this and other similar servers...
Ansible Tower Unsupported Version
The version of Ansible Tower running on the remote server has reached the end of support, and will no longer receive security updates from the vendor. It could therefore be affected by multiple vulnerabilities.
Check_MK < 1.4.0p6 webapi.py XSS
The version of CheckMK running on the remote web server is prior to 1.4.0p6. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in webapi.py due to error messages being interpreted as HTML when they should be plain text. An unauthenticated, remote attacker can exploi...
Unspecified Cross-Site Scripting Vulnerability in SAP NetWeaver Monitoring Application
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An unspecified cross-site scripting vulnerability exists in SAP NetWeaver Monitoring Application. The...
Pandora FMS 5.1 SP1 - SQL Injection
Pandora FMS 5.1 SP1 - SQL Injection | Document Title: Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability | References (Source): http://vulnerability-lab.com/getcontent.php?id=1355 | Release Date: 2015-02-09 | Vulnerability Laboratory ID (VL-ID):...
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability
Document Title: Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability | References (Source): http://vulnerability-lab.com/getcontent.php?id=1355 | Release Date: 2015-02-09 | Vulnerability Laboratory ID (VL-ID): 1355...
LogAnalyzer Detection
The remote web server hosts Adiscon LogAnalyzer, a monitoring application used to view Syslog messages and Windows Events via a web interface written in PHP.
Pandora FMS 4.0.1 Local File Inclusion
Title: Pandora FMS v4.0.1 - Local File Include Vulnerability | Date: 2012-02-17 | References: http://www.vulnerability-lab.com/getcontent.php?id=435 | VL-ID: 435 | Introduction: Pandora FMS is a monitoring Open Source software. It watches your systems and...
Pandora FMS v4.0.1 - Local Path Include Vulnerability
Document Title: Pandora FMS v4.0.1 - Local Path Include Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=435 | Release Date: 2012-02-16 | Vulnerability Laboratory ID (VL-ID): 435...