Lucene search

32 matches found

Vulnrichment
added 2026/03/09 12:0 a.m., 0 views

CVE-2025-70046

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master...

AI score: 5.8, EPSS: 0.00062
Exploits: 0, References: 3

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 42 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to obtain sensitive information CVE-2024-38476

Summary: Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations. Vulnerability Details: CVEID: CVE-2024-38476 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend...

CVSS: 9.8, AI score: 6.4, EPSS: 0.04673
Exploits: 0, Affected Software: 1

CVE
added 2024/09/11 4:4 a.m., 43 views

CVE-2024-43690

CVE-2024-43690 describes that Gallagher Command Centre Server and Command Centre Workstations are affected by CWE-829 due to the inclusion of functionality from an untrusted control sphere, which may allow an attacker to perform Remote Code Execution (RCE). Affected products/versions include: Com...

CVSS: 8, AI score: 7.6, EPSS: 0.03086
Exploits: 0, References: 1

Talos
added 2024/04/09 12:0 a.m., 26 views

tddpd enable_test_mode command execution vulnerability

Talos Vulnerability Report TALOS-2023-1862: tddpd enable_test_mode command execution vulnerability. April 9, 2024. CVE Number: CVE-2023-49133, CVE-2023-49134. SUMMARY: A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point...

CVSS: 9.8, AI score: 8.3, EPSS: 0.0052
Exploits: 2

CNNVD
added 2024/03/13 12:0 a.m., 1 views

WAGO Controller BACnet Security Vulnerability

WAGO Controller BACnet is a series of controllers from WAGO Germany. A security vulnerability exists in the WAGO Controller BACnet 750-831/xxx-xxx that stems from the presence of a buffer overflow vulnerability. An attacker can exploit the vulnerability by sending specially crafted packets to the...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00649
Exploits: 0, References: 3

OSV
added 2024/02/13 6:34 p.m., 21 views

GHSA-CMH9-RX85-XJ38 XSS sidekiq-unique-jobs UI server vulnerability

Summary: Cross site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

CVSS: 7.1, AI score: 8, EPSS: 0.00266
Exploits: 3, References: 6

Github Security Blog
added 2024/02/13 6:34 p.m., 28 views

XSS sidekiq-unique-jobs UI server vulnerability

Summary: Cross site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...

CVSS: 7.1, AI score: 7.7, EPSS: 0.00099
Exploits: 1, References: 6, Affected Software: 1

0day.today
added 2023/03/28 12:0 a.m., 224 views

YouPHPTube <= 7.8 - Multiple Vulnerabilities

Exploit Title: YouPHPTube getLanguage; if (!empty($_GET['lang'])) { $_GET['lang'] = strip_tags($_GET['lang']); $_SESSION['language'] = $_GET['lang']; } @include_once "{$global['systemRootPath']}locale/{$_SESSION['language']}.php"; The parameter "lang" can be modified and load a php file in the server. In Document root: /phpinfo.php...

AI score: 6.8
Exploits: 0

0day.today
added 2023/03/27 12:0 a.m., 212 views

WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities

Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Vendor Homepage: http://wpn-xm.org/ Software Link: https://github.com/WPN-XM/WPN-XM/ Tested Version: 0.8.6 Tested on: Windows 10 using XAMPP Vulnerability Type: Local File Inclusion (LFI) &...

AI score: 6.8
Exploits: 0

Exploit DB
added 2023/03/27 12:0 a.m., 175 views

WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities

Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://wpn-xm.org/ Software Link : https://github.com/WPN-XM/WPN-XM/ Tested Version: 0.8.6 Tested on: Windows 10 using XAMPP Vulnerability Type:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2023/03/27 12:0 a.m., 202 views

WPN-XM Serverstack For Windows 0.8.6 XSS / LFI / Traversal

Exploit Title: WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2022-02-13 Vendor Homepage: http://wpn-xm.org/ Software Link : https://github.com/WPN-XM/WPN-XM/ Tested Version: 0.8.6 Tested on: Windows 10 using XAMPP Vulnerability Type:...

AI score: 6.8
Exploits: 0

ICS
added 2022/07/26 6:0 a.m., 68 views

ICONICS Suite and Mitsubishi Electric MC Works64 Products (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite, MC Works64 Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, Out-of-Bounds Read 2...

CVSS: 9.8, AI score: 8.7, EPSS: 0.01546
Exploits: 0, References: 8

OPENSUSE Linux
added 2021/09/14 12:0 a.m., 61 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

CVSS: 10, AI score: 7.6, EPSS: 0.02254
Exploits: 0, References: 1

OPENSUSE Linux
added 2021/09/14 12:0 a.m., 50 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1252-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

CVSS: 10, AI score: 7.7, EPSS: 0.02254
Exploits: 0, References: 1

CVE
added 2021/03/24 8:6 p.m., 59 views

CVE-2021-1460

The CVE-2021-1460 issue affects the Cisco IOx Application Framework running on Cisco 809/829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway. The root cause is insufficient error handling during packet processing in the IOx web server, which could be tr...

CVSS: 7.5, AI score: 6.1, EPSS: 0.00259
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2020/06/10 12:0 a.m., 32 views

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection (cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE)

According to its self-reported version, IOS is affected by a vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that could allow an authenticated, local attacker to...

CVSS: 7.2, AI score: 7, EPSS: 0.00047
Exploits: 0, References: 5

CNVD
added 2020/06/04 12:0 a.m., 1 views

Multiple Cisco Products Input Validation Error Vulnerability (CNVD-2020-31997)

Cisco 809 Industrial Integrated Services Routers are products of Cisco Corporation. Cisco 809 Industrial Integrated Services Routers are industrial integrated multi-service routers. Cisco 829 Industrial Integrated Services Routers are industrial integrated multi-service routers. Cisco 1000 Series...

CVSS: 8.1, AI score: 7.7, EPSS: 0.0012
Exploits: 0, References: 1

CNVD
added 2020/06/04 12:0 a.m., 7 views

Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000 IOS Software Trust Management Issue Vulnerabilities

Cisco 1000 Series Connected Grid Routers (CGR1000) is a 1000 Series Internet Grid Router from Cisco. A trust management issue exists in the virtual console authentication of the IOS Software in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000. The vulnerability stems from the...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00046
Exploits: 0, References: 1

NVD
added 2020/06/03 6:15 p.m., 10 views

CVE-2020-3257

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition...

CVSS: 8.1, AI score: 8.5, EPSS: 0.0012
Exploits: 0, References: 1

CVE
added 2020/06/03 5:56 p.m., 58 views

CVE-2020-3258

Cisco IOS Software CVE-2020-3258 affects Cisco 809/829 Industrial ISRs and CGR1000; a vulnerability in a diagnostic test CLI command can modify run-time memory, enabling an unauthenticated remote attacker or an authenticated local attacker to execute arbitrary code or cause a crash/reload. Exploi...

CVSS: 10, AI score: 9.8, EPSS: 0.09323
Exploits: 0, References: 1, Affected Software: 1