22 matches found
CVE-2021-27254
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded...
CVE-2020-27254
Emerson Rosemount X-STREAM Gas Analyzer X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions. The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information...
CVE-2025-27254
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify...
CVE-2025-27254
The CVE-2025-27254 entry concerns GE Vernova EnerVista UR Setup and is supported by multiple sources. Affected component: EnerVista UR Setup; issue: CWE-282 Improper Ownership Management leading to an authentication bypass. Root cause described as the startup authentication being disable-able via...
CVE-2024-27254
creationtimestamp | type | source
---|---|---
2025-02-01 17:28:09+00:00 | seen | Telegram/DGzwSumpbaiORt5h6MacSDD7dvB-Lt-R4smYpajhiv4wgwp...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296)
Summary: IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296. This bulletin...
IBM DB2 DoS (7145727) (Unix)
According to its self-reported version number, IBM Db2 is affected by a denial of service vulnerability with a specially crafted query under certain conditions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
IBM DB2 Multiple Vulnerabilities (7145721, 7145727) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by multiple vulnerabilities:
- IBM Db2 is vulnerable to sensitive information disclosure when using ADMINCMD with IMPORT or EXPORT. (CVE-2023-38729)
- IBM Db2 is vulnerable to a denial of service caused by a specially...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.
Summary: IBM DB2 shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360. Vulnerability Detail...
CVE-2024-27254
CVE-2024-27254 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions in the 3.0/4.x line as listed in the remediation table) with a denial-of-service condition from a specially crafted query. The connected Red Hat entry confirms the vulnerability details and scop...
Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions (CVE-2024-27254)
Summary: IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain conditions. Vulnerability Details: CVEID: CVE-2024-27254. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server is vulnerable to denial of service with a speciall...
CVE-2023-27254
creationtimestamp | type | source
---|---|---
2023-10-25 22:52:42+00:00 | seen | https://t.me/cibsecurity/72889...
CVE-2023-27254
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27254
IDAttend IDWeb application, versions 3.1.052 and earlier, contains an unauthenticated SQL injection in the GetRoomChanges method. The vulnerability allows extraction or modification of all data by unauthenticated attackers. No exploitation details are provided in the documents beyond the descript...
CVE-2023-27254 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A pair of recent vulnerabilities found in the automaker ecosystem might not seem like a real danger taken separately. But experts warn a lack of attention on cybersecurity could plague “smart” car and electric vehicle systems — and users — in years to come, as the use of automotive technology...
CVE-2022-27254 - PoC For Vulnerability In Honda's Remote Keyless System
PoC for vulnerability in Honda's Remote Keyless System (CVE-2022-27254). Disclaimer: For educational purposes only. Kindly note that the discoverers for this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth and HackingIntoYourHeart. Others mentioned in this repository are credited for...
CVE-2022-27254
creationtimestamp | type | source
---|---|---
2022-03-23 15:39:22+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/1706
2022-03-24 01:29:10+00:00 | seen | https://t.me/cibsecurity/39470
2022-03-29 17:19:58+00:00 | published-proof-of-concept | https://t.me/NeKaspersky/2047
2022-04-11...
CVE-2021-27254
creationtimestamp | type | source
---|---|---
2021-03-05 22:47:43+00:00 | seen | https://t.me/cibsecurity/24554...
CVE-2021-27254
The CVE-2021-27254 issue affects NETGEAR R7800 devices via the apply_save.cgi endpoint. Root cause: hard-coded encryption key enabling authentication bypass for network-adjacent attackers, allowing arbitrary code execution with root privileges. Documented in multiple sources (ZDI-21-252, Red Hat ...