IndraMotion MLC L20, L40 Security Vulnerabilities

dev.alpinelinux.org Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1081415 Security Researcher Nep_1337_1998 Helped patch 562 vulnerabilities Received 4 Coordinated Disclosure badges Received 7 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting dev.alpinelinux.org...

404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor

As noted in Rough Patch: I Promise It'll Be 200 OK, our FireEye Mandiant Incident Response team has been hard at work responding to intrusions stemming from the exploitation of CVE-2019-19781. After analyzing dozens of successful exploitation attempts against Citrix ADCs that did not have the...

suitaprest.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1066203 Security Researcher Wall-E Helped patch 9 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting suitaprest.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO...

thealphaenterprise.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1063190 Security Researcher geeknik Helped patch 8753 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting thealphaenterprise.com...

sthopeleadershipacademy.org Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1059724 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

projectcontrolscommunity.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1053259 Security Researcher VighneshGupta Helped patch 137 vulnerabilities Received 3 Coordinated Disclosure badges Received 2 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

gear4music.ie Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1043763 Security Researcher metamorfosec Helped patch 1969 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting gear4music.ie website.....

cls.ru Cross Site Scripting vulnerability

Security Researcher VighneshGupta Helped patch 131 vulnerabilities Received 3 Coordinated Disclosure badges Received 2 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting cls.ru website and its users. Following coordinated...

weddingfavorz.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1035953 Security Researcher geeknik Helped patch 8710 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting weddingfavorz.com website...

Concrete CMS: XSS in select attribute options

To reproduce Create a new select attribute. Add a select attribute option with value <script>alert('XSS')</script> and hit Save. Edit the newly created attribute again and see XSS dialog. The vulnerability lays in the type_form.php file, see...

Remote Code Execution (RCE)

tree-kill is vulnerable to remote code execution (RCE). The attack is possible because the process in window part does not validate the user input part before the concatenation of the input with a command using + operator and directly execute the command, allowing a remote user to inject arbitrary....

zona24-7.vivahogar.com.mx Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1022289 Security Researcher devl00p Helped patch 3023 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

krigsbilder.net Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1020624 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

efomp.org Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1016625 Security Researcher White_Devil Helped patch 67 vulnerabilities Received 3 Coordinated Disclosure badges Received 3 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting efomp.org website and its.....

mt.itic.occinc.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1015447 Security Researcher Gh05tPT Helped patch 6892 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting mt.itic.occinc.com...

frauenarzt-schierling.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-998096 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

Node.js third-party modules: [tree-kill] RCE via insecure command concatenation (only Windows)

I would like to report a RCE issue in the tree-kill module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: tree-kill version: 1.2.1 npm page: https://www.npmjs.com/package/tree-kill Module Description Kill all processes in the process tree, including...

weingut-hahnenhof.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-949060 Security Researcher Renzi Helped patch 6742 vulnerabilities Received 8 Coordinated Disclosure badges Received 36 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting weingut-hahnenhof.de website...

CVE-2019-1010287

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may....

CVE-2019-1010287

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may....

CVE-2019-1010287

Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may....

christianitytodayblogs.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-882426 Security Researcher calv1n Helped patch 22043 vulnerabilities Received 12 Coordinated Disclosure badges Received 37 recommendations , a holder of 12 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

Omron NYB1C-313K1 Industrial Computer Detection

A NYB1C-313K1 with model number NYB1C-313K1 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Celeron 2980U, 8 GB (non-ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYP25-313K1-12WC1000 Industrial Computer Detection

A NYP25-313K1-12WC1000 with model number NYP25-313K1-12WC1000 has been detected. It is described by Omron as Industrial Panel PC - 12.1 Inch, Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i5-4300U, 8 GB RAM, 128 GB SSD type (MLC),...

Omron NYP1C-313K1-15WC1000 Industrial Computer Detection

A NYP1C-313K1-15WC1000 with model number NYP1C-313K1-15WC1000 has been detected. It is described by Omron as Industrial Panel PC - 15.4 inch, Windows 10 IoT Enterprise LTSB - 64 bit, Intel Celeron 2980U, 8 GB RAM, 128 GB SSD type (MLC),...

Omron NYB1C-313C1 Industrial Computer Detection

A NYB1C-313C1 with model number NYB1C-313C1 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Celeron 2980U, 8 GB (non-ECC type) RAM, 320 GB HDD type (MLC), RS-232C...

Omron NYB25-313K1 Industrial Computer Detection

A NYB25-313K1 with model number NYB25-313K1 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i5-4300U, 8 GB (non-ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYB17-31391 Industrial Computer Detection

A NYB17-31391 with model number NYB17-31391 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i7-4700EQ, 8 GB (non-ECC type) RAM, 64 GB SSD type (MLC), RS-232C...

Omron NYB1E-313K1 Industrial Computer Detection

A NYB1E-313K1 with model number NYB1E-313K1 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Xeon E3-1515M v5, 8GB (non-ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYB17-312K1 Industrial Computer Detection

A NYB17-312K1 with model number NYB17-312K1 has been detected. It is described by Omron as Industrial Box PC - Windows Embedded Standard 7 - 64bit, Intel Core i7-4700EQ, 8 GB (non-ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYP1C-312K1-12WC1000 Industrial Computer Detection

A NYP1C-312K1-12WC1000 with model number NYP1C-312K1-12WC1000 has been detected. It is described by Omron as Industrial Panel PC - 12.1 Inch, Windows Embedded Standard 7 - 64 bit, Intel Celeron 2980U, 8 GB RAM, 128 GB SSD type (MLC),...

Rockwell Automation CompactLogix Processor 1769-L20/A PLC

A Rockwell Automation CompactLogix Processor 1769-L20/A PLC has been detected. For additional information see the web link...

Omron NYP17-313K1-15WC1000 Industrial Computer Detection

A NYP17-313K1-15WC1000 with model number NYP17-313K1-15WC1000 has been detected. It is described by Omron as Industrial Panel PC - 15.4 inch, Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i7-4700EQ, 8 GB RAM, 128 GB SSD type (MLC),...

Omron NYP1C-313K1-12WC1000 Industrial Computer Detection

A NYP1C-313K1-12WC1000 with model number NYP1C-313K1-12WC1000 has been detected. It is described by Omron as Industrial Panel PC - 12.1 Inch, Windows 10 IoT Enterprise LTSB - 64 bit, IntelCeleron 2980U, 8 GB RAM, 128 GB SSD type (MLC),...

Omron NYP17-313K1-12WC1000 Industrial Computer Detection

A NYP17-313K1-12WC1000 with model number NYP17-313K1-12WC1000 has been detected. It is described by Omron as Industrial Panel PC - 12.1 Inch, Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i7-4700EQ, 8 GB RAM, 128 GB SSD type (MLC),...

Omron NYP25-313K1-15WC1000 Industrial Computer Detection

A NYP25-313K1-15WC1000 with model number NYP25-313K1-15WC1000 has been detected. It is described by Omron as Industrial Panel PC - 15.4 inch, Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i5-4300U, 8 GB RAM, 128 GB SSD type (MLC),...

Omron NYB17-313K1 Industrial Computer Detection

A NYB17-313K1 with model number NYB17-313K1 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Core i7-4700EQ, 8 GB (non-ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYB1E-C13K1 Industrial Computer Detection

A NYB1E-C13K1 with model number NYB1E-C13K1 has been detected. It is described by Omron as Industrial Box PC - Windows 10 IoT Enterprise LTSB - 64 bit, Intel Xeon E3-1515M v5, 8GB (ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYB25-312K1 Industrial Computer Detection

A NYB25-312K1 with model number NYB25-312K1 has been detected. It is described by Omron as Industrial Box PC - Windows Embedded Standard 7, Intel Core i5-4300U, 8 GB (non-ECC type) RAM, 128 GB SSD type (MLC), RS-232C...

Omron NYP1C-312K1-15WC1000 Industrial Computer Detection

A NYP1C-312K1-15WC1000 with model number NYP1C-312K1-15WC1000 has been detected. It is described by Omron as Industrial Panel PC - 15.4 inch, Windows 10 IoT Enterprise LTSB - 64 bit, Windows Embedded Standard 7 - 64 bit, Intel Celeron 2980U, 8 GB RAM, 128 GB SSD type (MLC),...

openSUSE Security Update : the Linux Kernel (openSUSE-2019-536) (Spectre)

The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate...

CVE-2018-19023

Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop"...

Hetronic Nova-M

EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...

ATool 1.0.0.22 Buffer Overflow

...

What’s new in TrickBot? Deobfuscating elements

Trojan.TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. From the beginning, it was a well organized modular malware, written by developers with mature skills. It is often called a banker, however its modular structure allows to....

openSUSE Security Update : the Linux Kernel (openSUSE-2018-762) (Spectre)

The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate...

Security update for the Linux Kernel (important)

The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate...

openSUSE Security Update : the Linux Kernel (openSUSE-2018-514) (Spectre)

The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082). A new boot...

Security update for the Linux Kernel (important)

The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed: CVE-2018-3639: Information leaks using "Memory Disambiguation" feature in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082). A new boot...

Hash Collision

Bouncy Castle is vulnerable to hash collision attacks. The library keystore files uses a HMAC hash that is only 16 bits long, allowing a malicious user to retrieve the password used for keystore integrity verification checks. This vulnerability only affects users of the BKS-V1 keystore format,...