37 matches found
EUVD-2018-9813
Malware in sbrugna...
EUVD-2017-1385
Malware in sbrugna...
OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMediaVault rpc.php Authenticated Cron Remote Code Execution', 'Description' = %q OpenMediaVault allows an authenticated user to create cron...
Openmediavault < 0.5.32 Privilege Escalation Vulnerability
Openmediavault is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Openmediavault 2.1 - 3.0.66 Multiple XSS Vulnerabilities
Openmediavault is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Information disclosure
An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function...
Remote code execution
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods...
CVE-2022-47879
A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The...
CVE-2022-47880
The CVE-2022-47880 vulnerability affects Jedox implementations exposing /be/rpc.php (test connection) and allows remote, authenticated users with permission to modify database connections to disclose cleartext passwords. The issue is demonstrated in Jedox versions such as 2020.2.5 and is also cit...
CVE-2022-47880
An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function...
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
CVE-2020-26124
OpenMediaVault is affected by CVE-2020-26124: authenticated PHP code injection via the sortfield POST parameter to rpc.php, caused by missing json_encode_safe in config/databasebackend.inc. Successful exploitation allows arbitrary root command execution. Affected versions: OpenMediaVault before 4...
CVE-2020-26124
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...
CVE-2018-18075
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter...
SQL injection
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter...
CVE-2018-18075
WikidForum 2.20 is affected by an SQL Injection vulnerability exposed via the rpc.php (parent_post_id or num_records) parameters, or the index.php?action=search (select_sort) parameter. The issue, reported across multiple sources, indicates that unsafely constructed SQL queries can be influenced ...
CVE-2018-18075
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter...
CVE-2017-1000065
Multiple cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management (Users) functionality allow attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management (Users) functionality allow attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...
EyeLock nano NXT 3.3-3.5 unauthenticated command injection vulnerabilities
/scripts/rpc.php: --- 9: if (isset($_REQUEST['action'])) 10: 11: switch($_REQUEST['action']) ... ... 181: case 'updatetime': 182: 183: // do something, the put our response in the response field... 184: $strDate = shell_exec("rdate -s {$_REQUEST['timeserver']} 2>&1"); 185: 186: // set the hardware clock. 187:...