60 matches found
Riello Netman 204 - SQL Injection
The three endpoints /cgi-bin/dbdatalogw.cgi, /cgi-bin/dbeventlogw.cgi, and /cgi-bin/dbmultimetrw.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way. id: CVE-2024-8877 info: name: Riello Netman 204 - SQL...
CVE-2017-6900
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 is affected by a directory traversal flaw in cgi-bin/certsupload.cgi that allows uploading files via the ../ sequence, enabling code execution. Concrete details across multiple sources confirm the vulnerable component and the root cause (certsupload.c...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
CVE-2025-68915
Riello UPS NetMan 208 Application prior to 1.12 is affected by a cross-site scripting (XSS) vulnerability in the CGI script cgi-bin/loginbanner_w.cgi, exploitable via a crafted banner. The issue arises from the loginbanner_w.cgi component and can lead to script execution within the context of the...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...
CVE-2025-68914
The CVE-2025-68914 entry describes a SQL injection in Riello UPS NetMan 208 Application before 1.12 via cgi-bin/login.cgi username, enabling manipulation such as deleting LOGINFAILEDTABLE. Affected product: Riello UPS NetMan 208 Application (versions