60 matches found
EUVD-2017-6339
Malware in sbrugna...
EUVD-2018-7992
Malware in sbrugna...
EUVD-2018-6772
Malware in sbrugna...
EUVD-2019-11031
Malware in sbrugna...
EUVD-2008-6991
Malware in sbrugna...
EUVD-2003-1599
Malware in sbrugna...
EUVD-2023-28482
Malicious code in bioql PyPI...
CVE-2014-125118
CVE-2014-125118 affects eScan Web Management Console 5.5-2. The flaw is a command-injection in login.php where the pass parameter isn’t properly sanitized, enabling an authenticated attacker with a valid username to inject commands and achieve remote code execution. Privilege escalation to root v...
CVE-2014-125118 eScan 5.5-2 Web Management Console Command Injection
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a...
CVE-2023-24464
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...
CVE-2019-20486
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages setup.cgi and advindex.htm within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language...
The vulnerability of the web management console of the IP-ATC Agat CU-7214, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL code.
The vulnerability of the IP-ATC Agat CU-7214 web management console relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...
CVE-2023-24464
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...
CVE-2023-24464
CVE-2023-24464 is a stored cross-site scripting vulnerability in Buffalo network devices (BS-GS2008/2016/2024/2048 and their “P” variants; firmware 1.0.10.01 and earlier). The underlying issue is a stored XSS in the web management console that allows an attacker with access to the management UI t...
PT-2023-19622 · Unknown +4 · Bs-Gs2024P +5
Name of the Vulnerable Software and Affected Versions: BS-GS2008 firmware versions 1.0.10.01 and earlier BS-GS2016 firmware versions 1.0.10.01 and earlier BS-GS2024 firmware versions 1.0.10.01 and earlier BS-GS2048 firmware versions 1.0.10.01 and earlier BS-GS2008P firmware versions 1.0.10.01 and...
CVE-2023-24464
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01...
SAP BusinessObjects Central Management Console 跨站请求伪造漏洞
SAP BusinessObjects Central Management Console is a Web-based tool from SAP that can be used to perform most daily administrative tasks, including user management, content management, and server management. Management Console suffers from a cross-site request forgery vulnerability, which stems fr...
CVE-2021-40904
The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...
CVE-2021-40905
The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...
CVE-2021-40904
The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...