
34 matches found

VulnCheck KEV
added 2026/05/14 12:0 a.m. · 17 views

VulnCheck KEV: CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8 CVSS · 5.9 AI score · 0.31367 EPSS
In wild · Exploits 2 · References 3
GitHub Security Blog
added 2026/03/03 9:31 p.m. · 3 views

MCP NMAP Server has an Injection vulnerability

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

8.8 CVSS · 5.7 AI score · 0.00376 EPSS
Exploits 1 · References 10 · Affected Software 1
EUVD
added 2026/02/28 12:31 a.m. · 4 views

EUVD-2026-9098

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.3 CVSS · 6 AI score · 0.31367 EPSS
Exploits 2 · References 8
NVD
added 2026/02/27 11:16 p.m. · 3 views

CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8 CVSS · 0.31367 EPSS
Exploits 2 · References 7
Cvelist
added 2026/02/27 10:12 p.m. · 20 views

CVE-2026-28517 openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.3 CVSS · 0.31367 EPSS
Exploits 2 · References 7
ATTACKERKB
added 2026/02/27 10:12 p.m. · 3 views

CVE-2026-28517

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.8 CVSS · 5.9 AI score · 0.31367 EPSS
Exploits 2 · References 8
Vulnrichment
added 2026/02/27 10:12 p.m. · 2 views

CVE-2026-28517 openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.3 CVSS · 5.9 AI score · 0.31367 EPSS
Exploits 2 · References 7
CNNVD
added 2026/02/27 12:0 a.m. · 4 views

openDCIM OS command injection vulnerability

openDCIM is an open-source data center inventory management DCIM application. Version 23.04 of openDCIM contains a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation or cleanup of user input in the reportnetworkmap.php file, which may...

9.8 CVSS · 5.8 AI score · 0.31367 EPSS
Exploits 2 · References 8
Positive Technologies
added 2026/02/27 12:0 a.m. · 2 views

PT-2026-22427

Name of the Vulnerable Software and Affected Versions: openDCIM versions 23.04 through commit 4467e9c4 Description: The application retrieves the dot configuration parameter from the database and passes it directly to the exec function without validation or sanitization. If an attacker can modify the...

9.8 CVSS · 6 AI score · 0.31367 EPSS
Exploits 2 · References 18
Positive Technologies
added 2025/12/19 12:0 a.m. · 1 views

PT-2025-52519

Name of the Vulnerable Software and Affected Versions: Lilac-Reloaded for Nagios version 2.0.8 Description: The software contains a remote code execution issue in the autodiscovery feature. Attackers can inject arbitrary commands due to a lack of input filtering in the nmap binary parameter...

9.8 CVSS · 8.1 AI score · 0.00287 EPSS
Exploits 0 · References 11
Tenable Nessus
added 2025/09/10 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-45436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows...

6.1 CVSS · 5.2 AI score · 0.01899 EPSS
Exploits 0 · References 2
OSV
added 2023/02/15 4:15 a.m. · 0 views

CVE-2022-45436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must clic...

4.8 CVSS · 5.8 AI score · 0.01899 EPSS
Exploits 0 · References 2
NVD
added 2023/02/15 4:15 a.m. · 7 views

CVE-2022-45436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must clic...

6.1 CVSS · 6 AI score · 0.01899 EPSS
Exploits 0 · References 2
OSV
added 2023/02/15 4:15 a.m. · 1 views

UBUNTU-CVE-2022-45436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must clic...

6.1 CVSS · 5.8 AI score · 0.01899 EPSS
Exploits 0 · References 3
Prion
added 2023/02/15 4:15 a.m. · 7 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user, create a network map containing name as xss payload. Once created, admin user must clic...

4.3 CVSS · 4.8 AI score · 0.01899 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/02/15 12:0 a.m. · 2 views

PT-2023-14665 · Artica · Artica Pandora Fms

Name of the Vulnerable Software and Affected Versions: Artica PFMS Pandora FMS version v765 Description: The issue allows Cross-Site Scripting XSS due to improper neutralization of input during web page generation. As a manager privilege user, an attacker can create a network map containing a...

6.1 CVSS · 5.1 AI score · 0.01899 EPSS
Exploits 0 · References 7
CVE
added 2023/02/15 12:0 a.m. · 46 views

CVE-2022-45436

Pandora FMS/Artica PFMS v765 is affected by a vulnerability described as improper neutralization of input during web page generation (XSS) in the network maps editor. A manager-privilege attacker can create a network map whose name contains an XSS payload; when an admin user later edits network m...

6.1 CVSS · 5.1 AI score · 0.01899 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/01/27 10:15 p.m. · 2 views

CVE-2022-43980

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS...

5.4 CVSS · 5.7 AI score · 0.00293 EPSS
Exploits 0 · References 2
Imperva Blog
added 2022/09/02 12:54 p.m. · 26 views

Imperva Boosts Connectivity with New PoP in Manila

We are delighted to announce the addition of a new Imperva Point of Presence PoP in the Asia Pacific region with the opening of our new data center in Manila, Philippines. The new location brings our total number of PoPs in Asia to 15, significantly boosting our presence in the region and providi...

1.3 AI score
Exploits 0
Positive Technologies
added 2020/09/29 12:0 a.m. · 1 views

PT-2020-14520 · Zoho · Zoho Application Control Plus

Name of the Vulnerable Software and Affected Versions: Zoho Application Control Plus versions prior to 10.0.511 Description: An issue in the Element Configuration feature of Zoho Application Control Plus allows an attacker to retrieve the list of IP ranges and subnets configured in the product...

4.3 CVSS · 6.8 AI score · 0.02179 EPSS
Exploits 1 · References 4