Management Console
by Avira
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-125118 | Cri | 0.69 | — | 0.03 | Jul 25, 2025 | A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary… | ||
| CVE-2025-69828 | Cri | 0.65 | 10.0 | 0.00 | Jan 22, 2026 | File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit | ||
| CVE-2026-27914 | Hig | 0.51 | 7.8 | 0.03 | Apr 14, 2026 | Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. | ||
| CVE-2015-7303 | 0.03 | — | 0.35 | Sep 21, 2015 | Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. | |||
| CVE-2025-69612 | 0.00 | — | 0.01 | Jan 22, 2026 | A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing… | |||
| CVE-2020-36909 | 0.00 | — | 0.01 | Jan 6, 2026 | SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to… | |||
| CVE-2020-36908 | 0.00 | — | 0.00 | Jan 6, 2026 | SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user… | |||
| CVE-2020-13183 | 0.00 | — | 0.01 | Aug 17, 2020 | Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload. | |||
| CVE-2020-13174 | 0.00 | — | 0.01 | Aug 11, 2020 | The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. | |||
| CVE-2020-10965 | 0.00 | — | 0.01 | Mar 25, 2020 | Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2. |
- risk 0.69cvss —epss 0.03
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary…
- risk 0.65cvss 10.0epss 0.00
File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit
- risk 0.51cvss 7.8epss 0.03
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
- CVE-2015-7303Sep 21, 2015risk 0.03cvss —epss 0.35
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
- CVE-2025-69612Jan 22, 2026risk 0.00cvss —epss 0.01
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing…
- CVE-2020-36909Jan 6, 2026risk 0.00cvss —epss 0.01
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to…
- CVE-2020-36908Jan 6, 2026risk 0.00cvss —epss 0.00
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user…
- CVE-2020-13183Aug 17, 2020risk 0.00cvss —epss 0.01
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload.
- CVE-2020-13174Aug 11, 2020risk 0.00cvss —epss 0.01
The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.
- CVE-2020-10965Mar 25, 2020risk 0.00cvss —epss 0.01
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2.