24 matches found
EndRun Technologies Sonoma OS Command Injection (CVE-2025-60962)
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. This plugin only works with Tenable.ot. Please visit...
CVE-2025-56079
OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...
EUVD-2025-32571
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...
EUVD-2025-32569
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...
CVE-2025-60967
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...
CVE-2025-60959
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information...
CVE-2025-60957
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...
CVE-2025-60956
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...
PT-2025-40928
Name of the Vulnerable Software and Affected Versions: EndRun Technologies Sonoma D12 Network Time Server GPS version 4.00. Description: An OS Command Injection issue exists in EndRun Technologies Sonoma D12 Network Time Server GPS. Successful exploitation could allow attackers to gain sensitive...
CVE-2025-60962
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...
PT-2025-40927
Name of the Vulnerable Software and Affected Versions: EndRun Technologies Sonoma D12 Network Time Server GPS version 4.00. Description: A Cross Site Scripting (XSS) issue exists in EndRun Technologies Sonoma D12 Network Time Server GPS. Successful exploitation could allow attackers to obtain sensitiv...
CVE-2025-60961
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts...
CVE-2025-60960
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information...
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Vulnerability
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected...
Xpdf 'AcroForm::scanField' function denial of service vulnerability
Xpdf is an open source PDF reader that supports decoding LZW compressed format files as well as reading encrypted PDF files. The 'AcroForm::scanField' function in the AcroForm.cc file of Xpdf version 4.00 has a security vulnerability that stems from the program's lack of loop...
Xpdf 'JPXStream::fillReadBuf' function null pointer dereference vulnerability
Xpdf is an open source PDF reader that supports decoding LZW compressed format files as well as reading encrypted PDF files. A security vulnerability exists in the 'JPXStream::fillReadBuf' function in the JPXStream.cc file in Xpdf version 4.00. An attacker can exploit this vulnerability to cause...
PHP-Fusion Database Backup Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server...
212Cafe Guestbook 4.00 Show.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22173/info 212Cafe Guestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execu...
Hex Workshop 4.235.16.0 - .hex Universal Local Buffer Overflow (SEH)
Hex Workshop 4.235.16.0 - .hex Universal Local Buffer Overflow (SEH) #!/usr/bin/perl by hack4love Hex Workshop v3//4//5//6 .hex Universal Local Buffer ExploitS SEH Found By: DATASNIPER http://www.bpsoft.com/downloads/ info:: i write 3 exploits for the 3 v...