255 matches found
PT-2026-22274
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An operating system command injection issue exists in XWEB Pro, allowing an authenticated attacker to execute code remotely on the system. This is achieved by providing a manipulated template file ...
PT-2026-22271
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A stack-based buffer overflow exists in an API route of XWEB Pro. This allows unauthenticated attackers to cause stack corruption and program termination. The vulnerable API route is not specified...
Copeland XWEB PRO 操作系统命令注入漏洞
Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...
PT-2026-22256
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description An unauthenticated attacker can execute commands on the system remotely. This is possible by sending a specially crafted request to the libraries installation route and injecting malicious input in...
Copeland XWEB PRO 操作系统命令注入漏洞
Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability arises fr...
PT-2026-22273
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system. This is possible by submitting crafted input into the username field of the import preconfiguration action via the API ...
PT-2026-22277
Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system remotely. This is achieved by injecting malicious input into the Wi-Fi SSID and/or password fields. Processing the...
Copeland多款产品 操作系统命令注入漏洞
Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems from the American company Copeland. Several products of Copeland have vulnerabilities related to operating system command injection. This vulnerability arises...
Copeland多款产品 操作系统命令注入漏洞
Copeland XWEB 300D PRO, among others, are advanced commercial and industrial refrigeration monitoring and management systems developed by the American company Copeland. Several Copeland products have vulnerabilities related to operating system command injection. These vulnerabilities stem from...
Copeland多款产品 操作系统命令注入漏洞
Both the Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems from the American company Copeland. Several Copeland products have a vulnerability related to operating system command injection. This vulnerability...
PT-2026-22257
Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier Description A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is possible by injecting malicious input into the devices field within the firmware update apply action...
Copeland XWEB PRO 操作系统命令注入漏洞
Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...
Copeland XWEB PRO 操作系统命令注入漏洞
Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...
Copeland XWEB and XWEB Pro
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...
EUVD-2008-4709
Malware in sbrugna...
CVE-2021-45427
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal...
The vulnerability of the server for computer control and monitoring of Emerson Dixell XWEB-500 allows a intruder to execute arbitrary code.
The vulnerability of the server for computer control and monitoring of refrigeration equipment from Emerson Dixell XWEB-500 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the server for computer control and monitoring systems of Emerson Dixell XWEB-500 allows a intruder to disclose protected information.
The vulnerability of the server used for computer control and monitoring of Emerson Dixell XWEB-500 relates to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...
VulnCheck KEV: CVE-2021-45420
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...
Malicious code in xweb_3.0_component_lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f6b7e56dbb18ea6a0d7b22a4334b7303140d6c041322360074890df204e941a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...