
41 matches found

EUVD
added 2026/03/10 6:31 p.m., 2 views

EUVD-2025-208470

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 5
NVD
added 2026/03/10 6:17 p.m., 3 views

CVE-2025-41712

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

CVSS: 6.5, EPSS: 0.00042
Exploits: 0, References: 4
Cvelist
added 2026/03/10 8:27 a.m., 29 views

CVE-2025-41712 Incorrect Permission Assignment on power analyzer

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

CVSS: 6.5, EPSS: 0.00042
Exploits: 0, References: 4
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V security vulnerability

Both Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V are multi-functional power quality analyzers from the German company Janitza. There are security vulnerabilities associated with these devices. These vulnerabilities stem from improper assignment of permissions to web servers, which may allo...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00042
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-21707

Malware in sbrugna...

CVSS: 9.3, AI score: 8.1, EPSS: 0.0031
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-4446

Malicious code in bioql PyPI...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00559
Exploits: 1, References: 5
OSV
added 2021/08/30 8:15 p.m., 1 views

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

CVSS: 8.1, AI score: 5.9, EPSS: 0.0031
Exploits: 1, References: 1
NVD
added 2021/08/30 8:15 p.m., 10 views

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

CVSS: 9.3, EPSS: 0.0031
Exploits: 1, References: 1
Prion
added 2021/08/30 8:15 p.m., 13 views

Design/Logic Flaw

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

CVSS: 9.3, AI score: 8.3, EPSS: 0.0031
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/08/30 7:2 p.m., 18 views

CVE-2021-35062

A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server...

AI score: 8.6, EPSS: 0.0031
Exploits: 1, References: 1
CVE
added 2021/08/30 7:2 p.m., 36 views

CVE-2021-35062

The CVE-2021-35062 entry describes a Shell Metacharacter Injection in the file result.php of the DRK Odenwaldkreis Testerfassung March-2021. The flaw allows an attacker who has a valid COVID-19 test result token to trigger shell commands with the web server’s privileges, indicating a remote comm...

CVSS: 9.3, AI score: 8.3, EPSS: 0.0031
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2019/07/29 4:15 p.m., 17 views

Code injection

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

CVSS: 8.5, AI score: 8, EPSS: 0.00559
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2018/07/12 6:29 p.m., 2 views

CVE-2018-12980

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server...

CVSS: 8.8, AI score: 5.9
Exploits: 0, References: 6
CVE
added 2018/07/12 6:0 p.m., 64 views

CVE-2018-12980

The connected ICS advisory confirms CVE-2018-12980 (Unrestricted Upload of File with Dangerous Type) affects WAGO e!DISPLAY 762-3000/762-3003 devices with FW 01 firmware; FW 02 is the fixed version. An authenticated user can upload arbitrary files to the file system with the web server’s permissi...

CVSS: 8.8, AI score: 8.6, EPSS: 0.20487
Exploits: 6, References: 6, Affected Software: 1
OSV
added 2017/12/08 3:29 p.m., 3 views

DEBIAN-CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

CVSS: 8.8, AI score: 7.6, EPSS: 0.33869
Exploits: 8, References: 1
NVD
added 2017/12/08 3:29 p.m., 16 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

CVSS: 9, AI score: 9, EPSS: 0.33869
Exploits: 8, References: 5
OPENSUSE Linux
added 2017/11/23 6:9 p.m., 233 views

Security update for otrs (important)

This update for otrs fixes the following security issues: - CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials boo1068677, OSA-2017-06 - CVE-2017-16664: Remote authenticated attackers could have caused the...

AI score: 5.5, EPSS: 0.0122
Exploits: 0, References: 2
OpenVAS
added 2017/03/07 12:0 a.m., 15 views

openSUSE: Security Advisory for munin (openSUSE-SU-2017:0621-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00086
Exploits: 0, References: 1
Check Point Advisories
added 2016/10/05 12:0 a.m., 3 views

Tuleap PHP Unserialize Code Execution (CVE-2014-8791)

This module exploits a PHP object injection vulnerability. Tuleap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server...

CVSS: 6, AI score: 7.5, EPSS: 0.52397
Exploits: 7
Packet Storm
added 2016/08/25 12:0 a.m., 46 views

Dotclear 2.9.1 Directory Download

Dotclear 2.9.1 Directory Download Vulnerability + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1 previous version might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Authenticated users with media manager access...

AI score: 7.4
Exploits: 0