CVE-2024-55957

In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software ICSW before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems...

CVE-2025-22800

Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11...

PaperCut NG 安全漏洞

PaperCut NG is a printer control software from PaperCut, Inc. A security vulnerability exists in PaperCut NG that stems from the exposure of a dangerous function with a remote code execution vulnerability that could allow a remote attacker to execute arbitrary code on an affected installation...

CVE-2024-11306

A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The...

CVE-2024-11306

The CVE-2024-11306 entry concerns Altenergy Power Control Software up to 20241108 where an improper authorization vulnerability exists in the /index.php/display/database/ endpoint. A remote attacker could exploit this to gain unauthorized processing access; the exploit has been disclosed publicly...

CVE-2024-11306 Altenergy Power Control Software database improper authorization

A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The...

CVE-2024-11305

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function getstatuszigbee of the file /index.php/display/statuszigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated...

CVE-2024-11305

Altenergy Power Control Software contains a SQL injection in the get_status_zigbee function (file /index.php/display/status_zigbee) index parameter date. The vulnerability affects versions up to 20241108 and can be exploited remotely. The nuclei template specifies that authenticated attackers cou...

CVE-2024-11305 Altenergy Power Control Software status_zigbee get_status_zigbee sql injection

A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function getstatuszigbee of the file /index.php/display/statuszigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated...

Altenergy Power System Control Software 注入漏洞

Altenergy Power System Control Software is microinverter control software from Altenergy Power System. An injection vulnerability exists in Altenergy Power Control Software 20241108 and prior versions that stems from an improper authorization issue in the file /index.php/display/database/...

Altenergy Power System Control Software 注入漏洞

Altenergy Power System Control Software is microinverter control software from Altenergy Power System. An injection vulnerability exists in Altenergy Power System Control Software version 20241108 and prior versions, which stems from an SQL injection in parameter date...

PT-2024-16897 · Altenergy · Altenergy Power Control

Name of the Vulnerable Software and Affected Versions: Altenergy Power Control Software versions up to 20241108 Description: A critical vulnerability has been found in the Altenergy Power Control Software, affecting the get status zigbee function of the file /index.php/display/status zigbee. The...

CVE-2022-25768

The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade proces...

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

The Singapore Police Force SPF has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9...

PaperCut NG 安全漏洞

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG that stems from a code injection vulnerability in the External User Lookup feature...

PaperCut NG Security Vulnerability

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that stems from a vulnerability that allows an attacker to expose files on the server to affected API endpoints via a payload...

PaperCut NG/MF Security Vulnerabilities

PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability exists in PaperCut NG/MF that originates from allowing unauthorized write operations that could result in remote code execution...

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable via adjacent network / low attack complexity Vendor : APsystems Equipment : Energy communication Unit ECU-C Power Control Software Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

Panasonic Control FPWIN Pro Security Vulnerability

Panasonic Control FPWIN Pro is a programming software from Panasonic Corporation Japan. A security vulnerability exists in Panasonic Control FPWIN Pro 7.7.0.0 and prior versions, which stems from an out-of-bounds read vulnerability that could allow an attacker to execute arbitrary code via...

VulnCheck KEV: CVE-2023-28343

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...