225 matches found
SUSE CVE-2020-12409
When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox 77...
PT-2022-36239 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.65 through 5.15.77 Description: A null pointer dereference issue was found in the neigh table clear function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable
Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
advokat-77.ru Cross Site Scripting vulnerability OBB-2971570
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sensormatic Electronics iSTAR
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls Inc. Equipment: iSTAR Ultra Vulnerability: Command Injection 2. RISK EVALUATION An unauthenticated user could use a malicious request to run...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run commands directly in the...
InHand Networks InRouter302 httpd wlscan_ASP OS command injection vulnerability
Summary An OS command injection vulnerability exists in the httpd wlscanASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...
Multiple vulnerabilities in OMRON CX-Programmer
Overview CX-Programmer provided by OMRON Corporation contains multiple vulnerabilities listed below. Out-of-bounds Write CWE-787 - CVE-2022-21124 Use After Free CWE-416 - CVE-2022-25230 Use After Free CWE-416 - CVE-2022-25325 Out-of-bounds Read CWE-125 - CVE-2022-21219 Out-of-bounds Write CWE-787...
Ascendex cryptocurrency exchange hacked – $77 million stolen
By Waqas Ascendex has lost $77 million worth of RC20, BSC, and Polygon tokens to cyberattack. This is a post from HackRead.com Read the original post: Ascendex cryptocurrency exchange hacked - $77 million stolen...
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
Command injection
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
CVE-2021-36180
CVE-2021-36180 affects Fortinet FortiWeb, specifically the management interface. The issue is described as multiple improper neutralization of special elements used in a command (CWE-77) that could allow an authenticated attacker to execute unauthorized code or commands via crafted HTTP request p...
FortiWeb - OS command injection
Multiple improper neutralization of special elements used in a command vulnerabilities CWE-77 in FortiWeb management interface may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests...
rumont-77.fr Improper Access Control vulnerability OBB-2239405
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
77-construction.com Cross Site Scripting vulnerability OBB-1454641
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2020-25599
CVE-2020-25599 affects Xen up to 4.14.x, with race conditions in evtchn_reset() potentially allowing x86 PV guests to escalate to host privileges, cause host/guest crashes, or DoS. All Xen 4.5+ are vulnerable; 4.4 and earlier are not. Several vendor advisories indicate patches were released to fi...
CVE-2020-25599
An issue was discovered in Xen through 4.14.x. There are evtchnreset race conditions. Uses of EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset by itself covered by XSA-77 can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...