
2877 matches found

Prion
added 2024/01/08 7:15 a.m. · 15 views

Information disclosure

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

CVSS 7.5 · AI score 6.9 · EPSS 0.00528
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2024/01/08 12:0 a.m. · 43 views

CVE-2024-22216

CVE-2024-22216 affects Microchip maxView Storage Manager (Adaptec Smart Storage Controllers). The vulnerability resides in the Redfish server handling in versions 3.00.23484 through 4.14.00.26064, with older builds prior to 3.07.23980 and 4.07.00.25339 also affected. The issue allows unauthorized...

CVSS 10 · AI score 9 · EPSS 0.00528
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/12/30 11:15 p.m. · 15 views

CVE-2023-52264

The beesblog aka Bees Blog component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharingurl is mishandled...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 3
OSSF Malicious Packages
added 2023/12/30 6:27 a.m. · 2 views

Malicious code in unit-testing-controllers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 206ebabfab4ea20b85ed6293c085ea8a6c0c0d85a70a1616a1963ac8556cf315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 · References: 1
OSV
added 2023/12/30 6:27 a.m. · 16 views

MAL-2023-8774 Malicious code in unit-testing-controllers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 206ebabfab4ea20b85ed6293c085ea8a6c0c0d85a70a1616a1963ac8556cf315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
BDU FSTEC
added 2023/12/27 12:0 a.m. · 2 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

CVSS 5.5 · AI score 5.9 · EPSS 0.00784
Exploits: 0 · References: 3
BDU FSTEC
added 2023/12/27 12:0 a.m. · 3 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

CVSS 5.5 · AI score 5.9 · EPSS 0.00784
Exploits: 0 · References: 3
ATTACKERKB
added 2023/12/15 1:15 a.m. · 1 views

CVE-2023-48050

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...

CVSS 9.8 · AI score 6.3 · EPSS 0.00786
Exploits: 0 · References: 2
OSV
added 2023/12/15 1:15 a.m. · 3 views

CVE-2023-48050

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...

CVSS 9.8 · AI score 7.6 · EPSS 0.00786
Exploits: 0 · References: 1
Prion
added 2023/12/15 12:15 a.m. · 13 views

SQL injection

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...

CVSS 7.5 · AI score 9.2 · EPSS 0.01005
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2023/12/15 12:0 a.m. · 3 views

ZKTeco ZKBio Time Security Vulnerability

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from China-based ZKTeco. Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance A security vulnerability exists in versions 13.0 through 16.0.1, which stems from an SQL injection...

CVSS 9.8 · AI score 7.9 · EPSS 0.00786
Exploits: 0 · References: 2
Positive Technologies
added 2023/12/15 12:0 a.m. · 4 views

PT-2023-32030 · Silicon · Gecko Sdk +1

Name of the Vulnerable Software and Affected Versions: Silicon Labs Z-Wave controller and endpoint devices versions prior to Z-Wave SDK v7.20.3 Gecko SDK v4.3.3 Description: A denial of service issue exists, allowing an attack to be carried out by devices on the network sending a stream of packet...

CVSS 6.5 · AI score 7.1 · EPSS 0.00348
Exploits: 0 · References: 6
Cvelist
added 2023/12/14 2:6 p.m. · 14 views

CVE-2023-46143 Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC...

CVSS 7.5 · AI score 7.9 · EPSS 0.00332
Exploits: 0 · References: 1
Vulnrichment
added 2023/12/14 2:6 p.m. · 6 views

CVE-2023-46143 Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC

Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC...

CVSS 7.5 · AI score 7.7 · EPSS 0.00332
Exploits: 0 · References: 1
Positive Technologies
added 2023/12/14 12:0 a.m. · 3 views

PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search

Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search aka website search blog versions 13.0 through 13.0.1.0.1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...

CVSS 9.8 · AI score 9.9 · EPSS 0.01005
Exploits: 1 · References: 5
Cvelist
added 2023/12/14 12:0 a.m. · 12 views

CVE-2023-48049

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...

AI score 10 · EPSS 0.01005
Exploits: 1 · References: 1
OSV
added 2023/12/12 12:15 p.m. · 2 views

CVE-2023-38380

A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions = V6.1 V6.1 HF2, SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL 6AG2542-6VX00-4XE0 All versions V2.3, SIPLUS ET 200SP CP 1543SP-1 ISEC 6AG1543-6WX00-7XE0 All versions V2.3, SIPLUS ET 200SP CP 1543SP-1 ISEC TX...

CVSS 8.7 · AI score 5.7 · EPSS 0.00956
Exploits: 0 · References: 4
Positive Technologies
added 2023/12/12 12:0 a.m. · 4 views

PT-2023-7875 · Phoenix Contact · Fc 350 Pci Eth +4

Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT classic line PLCs affected versions not specified AXC 1050 AXC 1050 XC AXC 3050 FC 350 PCI ETH Description: The issue allows an unauthenticated remote attacker to modify some or all applications on a PLC due to a lack of code...

CVSS 7.8 · AI score 7.6 · EPSS 0.00332
Exploits: 0 · References: 7
BDU FSTEC
added 2023/12/11 12:0 a.m. · 4 views

The vulnerability of microprogrammed software in programmable logic controllers and human-machine interfaces of the Unitronics Vision Series allows a perpetrator to gain administrative access to the device.

The vulnerability of microprogrammed software in programmable logic controllers and human-machine interfaces of the Unitronics Vision Series is related to the use of rigidly encoded credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain administrative...

CVSS 10 · AI score 7.7 · EPSS 0.02089
Exploits: 0 · References: 5
BDU FSTEC
added 2023/12/08 12:0 a.m. · 3 views

The vulnerability of the Open Supervised Device Protocol implementation in the AXIS OS operating system of AXIS controllers allows a perpetrator to cause temporary disconnection of functions.

The vulnerability of the Open Supervised Device Protocol OSDP implementation in the AXIS OS operating system and AXIS controllers is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause temporary dysfunction of the functions...

CVSS 6.5 · AI score 6.5 · EPSS 0.00264
Exploits: 0 · References: 3 · Affected Software: 1