869 matches found
WAVLINK WL-WN530H4 安全漏洞
WAVLINK WL-WN530H4 is a router from China RuiYin Technology WAVLINK. A security vulnerability exists in WAVLINK WL-WN530H4 M30H4.V5030.210121 version, which originates from an access control issue in the component /cgi-bin/ExportLogs.sh, and can be exploited by an attacker to download configurati...
CVE-2022-48165
CVE-2022-48165 affects Wavlink WL-WN530H4 M30H4.V5030.210121; the vulnerable component is /cgi-bin/ExportLogs.sh, enabling unauthenticated access to download configuration data, log files, and admin credentials. The Connected documents corroborate improper access control and potential for unautho...
3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox
Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. --- ANY.RUN's top...
libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...
CVE-2022-3711
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...
Sophos Firewall SQL注入漏洞
Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows an API client to read the contents of its user's configuration database via SQL injection...
WAVLINK WN531G3 Access Control Error Vulnerability
The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...
CVE-2022-44356
WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files...
CVE-2022-44356
WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files...
WAVLINK WN531G3 安全漏洞
The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...
PT-2022-27192 · Wavlink · Wavlink Quantum D4G
Name of the Vulnerable Software and Affected Versions: WAVLINK Quantum D4G WL-WN531G3 versions M31G3.V5030.200325 through M31G3.V5030.201204 Description: The issue allows unauthenticated attackers to download configuration data and log files due to an access control problem. Recommendations: For...
CVE-2022-44356
WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files...
Siemens SINUMERIK ONE and SINUMERIK MC Insufficiently Protected Credentials (CVE-2022-38465)
A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...
GoCD 安全漏洞
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 21.1.0 that stems from the fact that GoCD discloses the symmetric key used to encrypt/decrypt any security variables/secrets in the GoCD configuration to an authenticated agent, a malicious/compromised...
CVE-2022-39849
Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...
CVE-2022-39849
Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...
CVE-2022-39849
Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...
CVE-2022-39850
Improper access control in mumcontainerpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...
CVE-2022-39850
Improper access control in mumcontainerpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...
Improper access control
Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...