16 matches found
CVE-2026-50110
The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM), which contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...
CVE-2026-56413
CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...
CVE-2026-56415
The vulnerability CVE-2026-56415 affects the Storage Concentrator (SC & SCVM). The issue is a command injection in the debug.pl script that is reachable without authentication. A remote attacker can send a crafted HTTP request containing a malicious payload which is processed without proper input...
CVE-2026-55721
The CVE-2026-55721 entry describes a SQL injection vulnerability in StoneFly Storage Concentrator (SC & SCVM). The issue arises when cookie values are processed by login.pl and debug.pl, with the cookie data directly embedded into database queries without proper sanitization. This allows an unaut...
CVE-2026-50040
CVE-2026-50040 affects StoneFly Storage Concentrator (SC & SCVM). The issue is a reflected XSS caused by unsanitized content echoed in 404 error pages, enabling an authenticated user to trigger arbitrary script execution in the application's context via a crafted URL. Potential impacts include se...
EUVD-2024-29805
Malicious code in bioql PyPI...
CVE-2024-30213
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...
CVE-2024-31947
StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...
CVE-2024-30213
CVE-2024-30213 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The issue allows remote authenticated users to perform command injection via a Ping URL, leading to remote code execution. Affected versions: SC/SCVM before 8.0.4.26. Mitigation: update to 8.0.4.26 or la...
StoneFly Storage Concentrator Security Vulnerability
StoneFly Storage Concentrator is a storage concentrator virtual machine from StoneFly. A security vulnerability exists in StoneFly Storage Concentrator versions prior to 8.0.4.26 that stems from the presence of directory traversal, which could expose sensitive system information...
PT-2024-23258 · Stonefly · Stonefly Storage Concentrator
Name of the Vulnerable Software and Affected Versions: StoneFly Storage Concentrator SC and SCVM versions prior to 8.0.4.26 Description: The issue allows remote authenticated users to achieve command injection via a Ping URL, leading to remote code execution. Recommendations: For versions prior t...