CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2019-5135

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...

CVE-2019-5135

WAGO PFC100/200 Web-Based Management (WBM) authentication timing information disclosure (CVE-2019-5135) is detailed in the TALOS entry. The vulnerability resides in the WBM login routine where the PHP crypt() function is used to generate a password hash for comparison, allowing an attacker to inf...

CVE-2019-19281

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V2.5 and = V2.5 and = V2.5 and V20.8. Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The...

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of a Broken or Risky...

WAGO e!COCKPIT file path improper input validation vulnerability

Summary An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executi...

WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability

Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...

WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability

Summary An exploitable regular expression without anchors vulnerability exists in the Web-Based Management WBM authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information...

Moxa ioLogik Device Detection Consolidation

Consolidation of Moxa ioLogik device detections. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-1179)

According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18...

Total.js CMS Remote Code Execution Vulnerability

Total.js CMS is a content management system CMS based on a NoSQL database. A security vulnerability exists in the controllers/admin.js file in version 13 of Total.js CMS. The vulnerability can be exploited by a remote attacker to execute arbitrary code by sending a POST request to the...

ALPINE-CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

DEBIAN-CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

Code injection

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

CVE-2019-14765

Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...

CVE-2019-14765

Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...

Improper access control

Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...

CVE-2019-14765

Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...

CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...