Siemens TeleControl Server Basic RestoreFromBackup SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens TeleControl Server Basic. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVE-2020-15421

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the checkip parameter, the process...

CVE-2020-15435

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the servicestart parameter, the proce...

CVE-2024-12832

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this...

Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the type parameter provided to the details endpoint. The issue results...

Hewlett Packard Enterprise AutoPass License Server SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 58...

CVE-2024-8809 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...

CVE-2024-8808

CVE-2024-8808 affects Cohesive Networks VNS3. The risk stems from a flaw in the web service (listening on port 8000) where a user-supplied string is used to construct a system call without proper validation, allowing remote code execution with root privileges. Auth is required to exploit, and the...

CVE-2024-8807

CVE-2024-8807 : Cohesive Networks VNS3 has a command injection vulnerability in its web service (listening on port 8000 by default). The flaw stems from insufficient validation of a user-supplied string before it is used to execute a system call, allowing an attacker to run code with root privile...

CVE-2024-5720

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5719 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...

CVE-2024-30372 Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2024-30372

CVE-2024-30372 affects Allegra and is a Server-Side Template Injection in the getLinkText method. The flaw arises from insufficient validation of a user-supplied string before processing it with the template engine, allowing remote code execution with the process context of LOCAL SERVICE. Authent...

CVE-2024-30372 Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

Ivanti Endpoint Manager GetDetectedVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetDetectedVulnerabilitiesDataTable method. The issue...

Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommandsMC function. The issue results from the lack of proper validation of a...