
33 matches found

CNNVD
added 2025/06/27 12:0 a.m. · 0 views

Comet System Multiple Products Access Control Error Vulnerability

Comet System T0510 and others are temperature sensors from Comet System. An access control error vulnerability exists in various Comet System products, which stems from a lack of authentication in the file /setupA.cfg. The following products and versions are affected: T0510, T3510, T3511, T4511,...

9.2 CVSS · 8.1 AI score · 0.01935 EPSS
Exploits 1 · References 6
CNNVD
added 2025/04/28 12:0 a.m. · 1 views

Wiesemann & Theis Com-Server Cryptographic Issue Vulnerability

Wiesemann & Theis Com-Server is a communication server for industrial automation from Wiesemann & Theis that provides connectivity between serial devices and Ethernet. A cryptographic issue vulnerability exists in Wiesemann & Theis Com-Server versions prior to 1.60 that stems from the use of...

9.1 CVSS · 6.4 AI score · 0.00094 EPSS
Exploits 0 · References 1
NVD
added 2024/11/21 1:15 p.m. · 7 views

CVE-2024-11587

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

6.1 CVSS · 0.01094 EPSS
Exploits 1 · References 4
Vulnrichment
added 2024/11/21 12:31 p.m. · 8 views

CVE-2024-11587 idcCMS classProvCity.php GetCityOptionJs cross site scripting

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

5.3 CVSS · 6.2 AI score · 0.01094 EPSS
Exploits 1 · References 4
Cvelist
added 2024/11/21 12:31 p.m. · 15 views

CVE-2024-11587 idcCMS classProvCity.php GetCityOptionJs cross site scripting

A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

5.3 CVSS · 0.01094 EPSS
Exploits 1 · References 4
CVE
added 2024/11/21 12:31 p.m. · 63 views

CVE-2024-11587

CVE-2024-11587 affects idcCMS 1.60, specifically the GetCityOptionJs function in /inc/classProvCity.php, where manipulating the idName parameter triggers cross-site scripting. Exploitation can be remote; multiple sources flag XSS, with some templates noting a reflected XSS via idName (read.php). ...

6.1 CVSS · 4.1 AI score · 0.01094 EPSS
In wild · Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2024/11/21 12:0 a.m. · 1 views

PT-2024-17119 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idcCMS version 1.60 Description: A problematic issue was found in idcCMS, affecting the GetCityOptionJs function of the file /inc/classProvCity.php. The manipulation of the idName argument leads to cross-site scripting. This issue can be...

6.1 CVSS · 3.6 AI score · 0.01094 EPSS
Exploits 1 · References 8
Japan Vulnerability Notes
added 2024/11/05 6:29 a.m. · 0 views

Incorrect authorization vulnerability in OMRON Sysmac Studio

Overview: Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability (CWE-863, CVE-2024-49501). OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with OMRON Corporation for the JVN advisory...

5.7 CVSS · 6.6 AI score · 0.00067 EPSS
Exploits 0 · References 4
Packet Storm
added 2023/05/26 12:0 a.m. · 321 views

SCM Manager 1.60 Cross Site Scripting

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

7.1 AI score · 0.0286 EPSS
Exploits 7
Exploit DB
added 2023/05/25 12:0 a.m. · 385 views

SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...

5.4 CVSS · 5.5 AI score · 0.0286 EPSS
Exploits 7
ATTACKERKB
added 2023/05/24 9:15 p.m. · 2 views

CVE-2023-33829

A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

5.4 CVSS · 6.2 AI score · 0.0286 EPSS
Exploits 7 · References 4
Patchstack
added 2021/05/26 12:0 a.m. · 8 views

WordPress Gallery from files plugin <= 1.60 - Unauthenticated Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution (RCE) vulnerability discovered by WPScanTeam in WordPress Gallery from files plugin (versions <= 1.60). Solution: This plugin has been closed as of May 24, 2021 and is not available for download. This closure is temporary, pending a full review...

4.9 AI score
Exploits 0 · References 2 · Affected Software 1
vulnersOsv
added 2021/04/22 4:16 p.m. · 2 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +12972 more potentially affected by CVE-2020-26939 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.60)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2020-26939 Source advisory: OSV:GHSA-72M5-FVVV-55M6...

5.3 CVSS · 6.7 AI score · 0.02437 EPSS
Exploits 0
OSV
added 2020/05/03 4:19 p.m. · 8 views

OPENSUSE-SU-2020:0607-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Version update to 1.60: CVE-2018-1000613: Use of Externally-Controlled Input to Select Classes or Code boo1100694 Release notes: http://www.bouncycastle.org/releasenotes.html Version update to 1.59: CVE-2017-13098: Fix against Bleichenbacher...

9.8 CVSS · 8.8 AI score · 0.68141 EPSS
Exploits 0 · References 5
RedhatCVE
added 2018/07/13 9:19 p.m. · 32 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

9.8 CVSS · 3.1 AI score · 0.05036 EPSS
Exploits 0 · References 1
UbuntuCve
added 2018/07/09 8:29 p.m. · 34 views

CVE-2018-1000613

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

9.8 CVSS · 6.9 AI score · 0.05036 EPSS
Exploits 0 · References 1
FreeBSD
added 2018/06/30 12:0 a.m. · 49 views

Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...

9.8 CVSS · 4.1 AI score · 0.05036 EPSS
Exploits 0 · References 1
OSV
added 2018/06/05 1:29 p.m. · 1 views

DEBIAN-CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...

7.5 CVSS · 7.5 AI score · 0.00319 EPSS
Exploits 0 · References 1
Debian CVE
added 2018/06/05 1:0 p.m. · 28 views

CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...

7.5 CVSS · 7.5 AI score · 0.00319 EPSS
Exploits 0
CNVD
added 2015/04/06 12:0 a.m. · 1 views

HP Intelligent Provisioning Information Disclosure Vulnerability

HP Intelligent Provisioning is a server configuration tool. An information disclosure vulnerability exists in HP Intelligent Provisioning versions 1.40-1.60 on Windows 2008 R2 and Windows 2012 platforms. The vulnerability could be exploited by an attacker to obtain sensitive information...

2.1 CVSS · 6.2 AI score · 0.00145 EPSS
Exploits 0 · References 1