
1285 matches found

Cvelist
added 2023/11/30 5:54 p.m. · 23 views

CVE-2023-6375 Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely

Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials...

5.3 CVSS · 7.6 AI score · 0.00997 EPSS
Exploits 0 · References 4

CNNVD
added 2023/11/30 12:00 a.m. · 2 views

Tyler Technologies Magistrate Court Case Management Plus Security Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus that originates from storing backups which may contain sensitive information suc...

7.5 CVSS · 6.5 AI score · 0.00997 EPSS
Exploits 0 · References 4

OSV
added 2023/11/23 3:15 p.m. · 3 views

CVE-2023-4677

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...

9.8 CVSS · 5.8 AI score · 0.00493 EPSS
Exploits 0 · References 1

OSV
added 2023/11/23 3:15 p.m. · 1 view

CVE-2023-41786

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2023/11/23 3:15 p.m. · 14 views

CVE-2023-41786

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772...

6.8 CVSS · 0.00544 EPSS
Exploits 0 · References 1

Prion
added 2023/11/23 3:15 p.m. · 14 views

Arbitrary file deletion

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772...

4 CVSS · 7 AI score · 0.00544 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/11/23 2:27 p.m. · 21 views

CVE-2023-41786 Database backups availability by low-privileged users

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772...

6.8 CVSS · 6.8 AI score · 0.00544 EPSS
Exploits 0 · References 1

CVE
added 2023/11/23 2:27 p.m. · 50 views

CVE-2023-41786

Pandora FMS is affected in versions 700–772, where low-privilege users could download database backups due to exposure of backups. The issue is confirmed in multiple sources and was remediated in versions v773–v775, with PandoraFMS releasing the final patch on 29 December 2023. If assessing mitig...

6.8 CVSS · 6.4 AI score · 0.00544 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/11/23 12:00 a.m. · 2 views

Artica Pandora FMS Security Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 through 772, which stems from a sensitive information...

6.8 CVSS · 6.1 AI score · 0.00544 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/11/23 12:00 a.m. · 3 views

PT-2023-8737 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 772

Description: The issue is related to the exposure of sensitive information to unauthorized actors, allowing users with low privileges to download database backups. This can be exploited by a remote attacke...

6.8 CVSS · 6.5 AI score · 0.00544 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/11/21 12:00 a.m. · 3 views

PT-2023-8542 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions = 772

Description: The issue is related to insufficient protection of registration data in the Pandora FMS Console, allowing an attacker to gain unauthorized access to protected information and elevate their privileges to...

10 CVSS · 9.4 AI score · 0.00493 EPSS
Exploits 0 · References 7

CNNVD
added 2023/11/20 12:00 a.m. · 4 views

Open Solutions For Education openSIS Security Vulnerability

Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education, USA. A security vulnerability exists in Open Solutions For Education openSIS Classic Community Edition version v9.0, which stems from the presence of a corrupted access...

9.8 CVSS · 6.8 AI score · 0.00959 EPSS
Exploits 0 · References 4

CNVD
added 2023/11/15 12:00 a.m. · 33 views

Weak Encryption Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

6.9 CVSS · 6.7 AI score · 0.00446 EPSS
Exploits 0 · References 1

OSV
added 2023/11/14 11:15 a.m. · 4 views

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

4.9 CVSS · 5.8 AI score · 0.00688 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2023/11/14 11:15 a.m. · 3 views

CVE-2023-44318

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...

6.9 CVSS · 5.8 AI score · 0.00688 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/11/14 12:00 a.m. · 1 view

PT-2023-6990 · Siemens · Scalance Xb205-3

Name of the Vulnerable Software and Affected Versions: SCALANCE XB205-3 SC, PN versions prior to V4.5; SCALANCE XB205-3 ST, E/IP versions prior to V4.5

Description: The issue is related to the use of a hardcoded cryptographic key in the software of industrial switches. This could allow a remote...

6.9 CVSS · 6.8 AI score · 0.00688 EPSS
Exploits 0 · References 11

CNNVD
added 2023/11/14 12:00 a.m. · 2 views

Siemens SCALANCE Security Vulnerability

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...

6.9 CVSS · 6.8 AI score · 0.00446 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/11/14 12:00 a.m. · 1 view

PT-2023-6991 · Siemens · Scalance M826-2 Shdsl-Router +14

Name of the Vulnerable Software and Affected Versions: SCALANCE M804PB versions prior to V8.0; SCALANCE M812-1 ADSL-Router versions prior to V8.0; SCALANCE M816-1 ADSL-Router versions prior to V8.0; SCALANCE M826-2 SHDSL-Router versions prior to V8.0; SCALANCE M874-2 versions prior to V8.0; SCALANCE...

6.9 CVSS · 6.6 AI score · 0.00446 EPSS
Exploits 0 · References 12

Positive Technologies
added 2023/11/07 12:00 a.m. · 3 views

PT-2023-32459 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WordPress Backup & Migration Plugin versions up to, and including, 1.23.10

Description: The issue is related to Cross-Site Request Forgery due to a lack of nonce validation and insufficient validation of the instance id on the...

5.4 CVSS · 6 AI score · 0.00218 EPSS
Exploits 0 · References 4

Securelist
added 2023/10/26 10:30 a.m. · 29 views

How to catch a wild triangle

In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform (KUMA) SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in...

7.3 AI score
Exploits 0