12 matches found
CVE-2023-48791
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted argument...
RHEL 8 : CloudForms 5.0.3 (RHSA-2020:0588)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0588 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments...
WordPress Database Backup for WordPress Plugin < 2.5.2 CSRF Vulnerability
The WordPress plugin...
CVE-2019-14894
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms...
CVE-2019-14894
CVE-2019-14894 affects the CloudForms Management Engine, specifically versions 5.10 and 5.11. The flaw enables remote code execution through the NFS schedule backup mechanism. An attacker who can log into the management console could execute arbitrary shell commands on the CloudForms server with ...
Command injection
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell...
CVE-2020-10808
CVE-2020-10808 affects Vesta Control Panel (VestaCP) up to version 0.9.8-26. It describes a command injection vulnerability in the schedule/backup Backup Listing Endpoint. The attacker must create a crafted filename on the server, demonstrated via an FTP session that renames a file (e.g., .bash_l...
Important: Red Hat Security Advisory: CloudForms 4.7.15 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
CloudForms: RCE vulnerability in NFS schedule backup
A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root...
Important: Red Hat Security Advisory: CloudForms 5.0.3 security update
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
CVE-2019-14894
A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root...
ManageEngine SupportCenter Plus < 7.9 Build 7905 Multiple Vulnerabilities
The remote host is running a version of ManageEngine SupportCenter Plus less than 7.9 build 7905. Such versions are affected by multiple vulnerabilities: - A SQL injection vulnerability in the 'countSql' parameter of the '/servlet/AJaxServlet' script. - Multiple stored cross-site scripting...