2425 matches found
PT-2023-26311 · Softing · Softing Edgeaggregator
Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...
PT-2023-9089 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the ModuleInvo...
PT-2023-8251 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition affected versions not specified Description: The issue is related to the Base64Element class in Inductive Automation Ignition, which has flaws in its deserialization mechanism. This allows remote attackers to...
CVE-2023-36692 WordPress WP-Cirrus Plugin <= 0.6.11 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin = 0.6.11 versions...
PT-2023-26961 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit...
PT-2023-4356 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. The specific flaw exists within the...
(0Day) Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper...
PT-2023-24849 · Joseph C Dolson · My Content Management
Name of the Vulnerable Software and Affected Versions: Joseph C Dolson My Content Management plugin versions 1.7.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions...
Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue...
PT-2023-4350 · Triangle Microworks · Triangle Microworks Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. The specific flaw exists...
CVE-2023-37554
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
(Pwn2Own) Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Ignition Gateway server. The issue results from the exposure of a dangerou...
PT-2023-7976 · Tp Link · Tp-Link Tl-Wr902Ac
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR902AC affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this issue...
PT-2023-19551 · Unknown · Wesecur Security Plugin
Name of the Vulnerable Software and Affected Versions: WeSecur Security plugin versions 1.2.1 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For WeSecur Security plugin versions...
PT-2023-8299 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...
PT-2023-8298 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...
PT-2023-8300 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. The specific flaw exists within the prog.cgi binary,...
PT-2023-5824 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...