2877 matches found
CVE-2020-21554
A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...
Arbitrary file deletion
A File Deletion vulnerability exists in TinyShop 3.1.1 in the backlist parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms...
openstack-neutron: Routes middleware memory leak for nonexistent controllers
A resource-allocation flaw was found in openstack-neutron. An authenticated attacker could make API requests involving nonexistent controllers causing the API worker to consume increasing amounts of memory. This flaw could be exploited to force API performance degradation or denial of service...
A Search for API Security in the Operator’s Tool Box
Much has been written about modern application security tools and solutions from the provider’s perspective about their functionality and security features. When I was asked to write a blog about API Gateways and API Security, I felt it may be more useful to think about the subject from the user’...
The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, stems from the use of memory after it has been freed. This allows an attacker to execute arbitrary code.
The vulnerability of the development environment provided by CX-Programmer, which is part of the CX-One software suite designed for programming and configuring Omron PLCs, relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2022-25922
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions...
Authorization
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions...
Schneider Electric EcoStruxure Control Expert Buffer Error Vulnerability
Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in Schneider Electric EcoStruxure Control Expert V15.0 SP1 and earlier versions tha...
Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting
The plugin is vulnerable to stored cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites...
CVE-2022-25922 ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions...
CVE-2022-25922
CVE-2022-25922 affects the Power Line Communications PLC4TRUCKS J2497 trailer brake controllers, where diagnostic functions can be invoked by replaying J2497 messages due to missing authentication/authorization for critical functions. This allows a remote attacker on the network/vehicle bus to tr...
VDAs are still trying to register with old DDCs post changing the list of DDCs
After changing the Delivery Controllers list, VDAs are still trying to register with the old Controllers. Deleted the old Delivery Controllers' FQDNs from the "ListOfDDCs" key in "HKLM\Software\Citrix\VirtualDesktopAgent\Policy" in the registry and restarted the Citrix Desktop Service; however, the VDAs are still...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Exploit Title: ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page:...
ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification Exploit
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability. !/usr/bin/env python3 -...
Industrial Control Links ICL ScadaFlex II SCADA Controllers Access Control Error Vulnerability
Industrial Control Links ICL ScadaFlex II SCADA Controllers is a set of web SCADA controllers from Industrial Control Links, Inc. It is designed to provide a complete SCADA system at the lowest possible cost. An Access Control Error vulnerability exists in ICL ScadaFlex II SCADA Controllers...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
!/usr/bin/env python3 -- coding: utf-8 -- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page: http://www.iclinks.com Product datasheet:...
AZL-8766 CVE-2020-25718 affecting package samba 4.12.5-7
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC read-only domain controller. This would allow an RODC to print administrator tickets...