30 matches found
CVE-2023-49563
Cross Site Scripting XSS in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
CVE-2025-65287
An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...
CVE-2025-65287
An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path /var/www/files/userScript/ using memcpy + strcat without validation or...
EUVD-2023-37439
Malicious code in bioql PyPI...
EUVD-2023-42820
Malicious code in bioql PyPI...
CVE-2023-39073
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request...
CVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...
CVE-2023-49563
Cross Site Scripting XSS in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
CVE-2023-49563
Cross Site Scripting XSS in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
Cross site scripting
Cross Site Scripting XSS in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
CVE-2023-49563
Summary: CVE-2023-49563 affects Voltronic Power SNMP Web Pro, version 1.1. The issue is a Cross Site Scripting (XSS) vulnerability in the web interface that allows an attacker to execute arbitrary code via a crafted script in a request to the webserver. The description across sources consistently...
Voltronic Power SNMP Web Pro 安全漏洞
Voltronic Power SNMP Web Pro is an SNMP network card management software from Voltronic Power. Voltronic Power SNMP Web Pro suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary code via specially crafted scripts...
CVE-2023-49563
Cross Site Scripting XSS in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver...
CVE-2023-39073
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request...
Cross site request forgery (csrf)
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request...
PT-2023-26775 · Unknown · Snmp Web Pro
Name of the Vulnerable Software and Affected Versions: SNMP Web Pro version 1.1 Description: An issue in the software allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request. Recommendations: For SNMP Web Pro version 1.1, consider disabling the...
CVE-2023-39073
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request...
CVE-2023-39073
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request...
CVE-2023-40710
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b...
CVE-2023-33274
The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...