53 matches found
CVE-2025-71284
Synway SMG Gateway Management Software is affected by an OS command injection in the RADIUS configuration endpoint /en/9-2radius.php. The radius_address POST parameter (and related fields) is split and interpolated directly into a sed command without sanitization, enabling an unauthenticated remo...
Synway SMG Gateway Management Software 操作系统命令注入漏洞
Synway SMG Gateway Management Software is a gateway management software developed by Synway Corporation. This software has a vulnerability related to operating system command injection. The vulnerability stems from the RADIUS configuration endpoint/en/9-2radius.php, where the radiusaddress POST...
CVE-2020-12594
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4...
CVE-2020-12595
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4...
CVE-2025-1448
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
EUVD-2020-4896
Malware in sbrugna...
EUVD-2020-4897
Malware in sbrugna...
EUVD-2025-4756
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-_smg (npm)
The package @zalastax/nolb-smg was found to contain malicious code...
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-5243
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-5243 Arbitrary File Upload in SMG Software's Information Portal
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...
CVE-2025-5243
CVE-2025-5243 affects SMG Software Information Portal. Affected versions before 13.06.2025 are vulnerable to unrestricted file upload and improper neutralization of special elements in OS command contexts, enabling code injection and potential upload of a web shell leading to code inclusion. The ...
PT-2025-30665 · Smg · Smg Software Information Portal
Name of the Vulnerable Software and Affected Versions: SMG Software Information Portal versions prior to 13.06.2025 Description: The software contains an unrestricted file upload and improper neutralization of special elements used in an OS command vulnerability, potentially leading to code...
CVE-2025-1448
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
CVE-2025-1448 Synway SMG Gateway Management Software 9-12ping.php command injection
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
CVE-2025-1448 Synway SMG Gateway Management Software 9-12ping.php command injection
A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. It has been rated as critical. This issue affects some unknown processing of the file 9-12ping.php. The manipulation of the argument retry leads to command injection. The attack may be initiated remotely. The...
CVE-2025-1448
CVE-2025-1448 affects Synway SMG Gateway Management Software up to 20250204. The issue is in the handling of the file 9-12ping.php, where the retry parameter can be manipulated to trigger a command-injection vulnerability. Exploitation can be remote; public PoCs exist. Remediation details are lim...
PT-2024-10545 · Eltex · Eltex Smg-1016M
Name of the Vulnerable Software and Affected Versions: Eltex SMG-1016M affected versions not specified Description: The issue exists due to the lack of measures to neutralize special elements in the Eltex SMG-1016M trunk gateway's firmware. Exploitation of this issue may allow a remote attacker t...
smg-abogados.com Cross Site Scripting vulnerability OBB-3233561
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...