14 matches found
CVE-2026-28517
openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...
BIT-AIRFLOW-2024-56373 Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information
A DAG Author, who already has quite a lot of permissions, could manipulate the database of Airflow 2 in a way that executes arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...
CVE-2024-56373
A DAG Author, who already has quite a lot of permissions, could manipulate the database of Airflow 2 in a way that executes arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...
EUVD-2020-30807
Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An...
Linux Distros Unpatched Vulnerability : CVE-2023-42802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one ...
GLPI Input Validation Error Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Path traversal
GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...
CVE-2023-0598
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...
PT-2023-7457 · Ge Digital · Ge Digital Proficy Ifix
Name of the Vulnerable Software and Affected Versions: GE Digital Proficy iFIX versions 6.1 through 6.5 GE Digital Proficy iFIX 2022 Description: The issue is related to incorrect code generation management in the GE Proficy HMI/SCADA iFIX software, which may allow an attacker to gain full contro...
CVE-2020-15417
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...
Joomla! Cross Site Scripting Vulnerability
The host is running Joomla! and is prone to Cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlaxssvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Joomla! Cross Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
source: https://www.securityfocus.com/bid/10746/info Kleinanzeigen is prone to a file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer. If successful, the malicious script supplied by the...
EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/9338/info EasyDynamicPages is prone to a remote file include vulnerability in a configuration script. This will permit a remote attacker to include malicious PHP scripts from remote servers, which will then be executed by the web server hosting the vulnerab...
ttCMS 2.2 / ttForum 1.1 - 'news.php?template' Remote File Inclusion
source: https://www.securityfocus.com/bid/7542/info A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a...