
19 matches found

EUVD
added 2025/12/12 3:30 p.m. · 1 view

EUVD-2025-203080

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

CVSS 8.8 · AI score 6.5 · EPSS 0.00091
Exploits 0 · References 2

Cvelist
added 2025/12/12 12:19 p.m. · 24 views

CVE-2025-13506 Improper Authorization in Nebim Neyir's Nebim V3 ERP

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

CVSS 8.8 · EPSS 0.00091
Exploits 0 · References 2

Vulnrichment
added 2025/12/12 12:19 p.m. · 2 views

CVE-2025-13506 Improper Authorization in Nebim Neyir's Nebim V3 ERP

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

CVSS 8.8 · AI score 6.7 · EPSS 0.00091
Exploits 0 · References 2

CNNVD
added 2025/12/12 12:00 a.m. · 2 views

Nebim V3 ERP Security Vulnerability

Nebim V3 ERP is an enterprise resource planning system from Nebim Turkey. A security vulnerability exists in Nebim V3 ERP version 2.0.59 up to and including version 3.0.1, which originates from performing an unnecessarily privileged operation that could result in an extension of operating system...

CVSS 8.8 · AI score 6.6 · EPSS 0.00091
Exploits 0 · References 1

EUVD
added 2025/11/04 12:32 a.m. · 2 views

EUVD-2024-55063

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actio...

CVSS 9.4 · AI score 6.6 · EPSS 0.00172
Exploits 0 · References 4

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-54933

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.6 · EPSS 0.00064
Exploits 1 · References 3

RedhatCVE
added 2025/05/22 3:50 p.m. · 12 views

CVE-2020-12107

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allows full control over this module's Operating System...

CVSS 9.8 · AI score 7.5 · EPSS 0.06684
Exploits 0

NVD
added 2024/08/02 9:16 p.m. · 15 views

CVE-2024-38887

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges...

CVSS 9.8 · EPSS 0.04237
Exploits 1 · References 4

Positive Technologies
added 2024/08/02 12:00 a.m. · 2 views

PT-2024-28258 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary...

CVSS 9.8 · AI score 7.4 · EPSS 0.04237
Exploits 1 · References 7

OSV
added 2024/06/20 1:15 p.m. · 1 view

CVE-2024-6186

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument adlogname leads to os command injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8 · AI score 5.5
Exploits 0 · References 4

Vulnrichment
added 2024/03/09 5:56 a.m. · 11 views

CVE-2024-25951

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system...

CVSS 8 · AI score 7.3 · EPSS 0.00927
Exploits 0 · References 1

Cvelist
added 2024/03/09 5:56 a.m. · 16 views

CVE-2024-25951

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system...

CVSS 8 · AI score 8.2 · EPSS 0.00927
Exploits 0 · References 1

CNNVD
added 2024/03/09 12:00 a.m. · 4 views

Dell iDRAC8 Security Vulnerability

The Dell iDRAC8 is a controller from Dell, Inc. It provides comprehensive, embedded management, and automation capabilities across the PowerEdge family of servers. A security vulnerability exists in Dell iDRAC8 versions prior to 2.85.85.85. An attacker could exploit this vulnerability to...

CVSS 8 · AI score 6.8 · EPSS 0.00927
Exploits 0 · References 2

Trellix
added 2019/08/09 12:00 a.m. · 13 views

Industrial Security Featuring Delta's enteliBUS Manager

ARCHIVED STORY From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager By Mark Bereza · August 09, 2019 Management. Control. It seems that you can’t stick five people in a room together without one of them trying to order the others around...

AI score 8.2
Exploits 0

Prion
added 2019/01/28 9:29 p.m. · 12 views

Design/Logic Flaw

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker ...

CVSS 7.2 · AI score 7.6 · EPSS 0.00067
Exploits 0 · References 2

NVD
added 2019/01/28 9:29 p.m. · 8 views

CVE-2018-19012

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker ...

CVSS 7.8 · AI score 7.7 · EPSS 0.00067
Exploits 0 · References 2

CNVD
added 2018/01/16 12:00 a.m. · 1 view

Code Execution Vulnerability in WPS Office

WPS Office is an office software suite developed independently by Kingsoft Corporation. A code execution vulnerability exists in the EqnEdit.exe program in the WPS Office software, which can be exploited by an attacker to execute malicious code on the target system, remotely install malware, and...

AI score 7.9
Exploits 0

seebug.org
added 2015/07/02 12:00 a.m. · 149 views

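Linux glibc Buffer Overflow (GHOST)

Security researchers abroad recently disclosed a serious security issue found in the Linux glibc library that allows an attacker to gain control of the operating system locally or remotely. It is tracked as CVE-2015-0235 and named the GHOST vulnerability. What is GHOST? Why is it named GHOST? The vulnerability first originated in: The first vulnerable version of the GNU C Library is glibc-2.2, released on November 10, 2000. “During a code audit performed internally at Qualys, we discovered a buffer...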

CVSS 10 · AI score 7.5 · EPSS 0.8487
Exploits 29

Tenable Nessus
added 2010/04/30 12:00 a.m. · 161 views

CGI Generic XML Injection

By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access a SOAP back-end. An attacker may be able to...

AI score 5.7
Exploits 0 · References 1