CVE-2020-10265

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safe...

CVE-2020-10265

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safe...

Authorization

Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safe...

CVE-2020-10265

The CVE-2020-10265 entry covers UR Universal Robots Robot Controllers (CB2 1.4+, CB3 3.0+, e-series 5.0+) exposing a DashBoard server on port 29999 that allows control over core robot functions (start/stop programs, shutdown, reset safety, etc.) without authentication/authorization. This unauthen...

PT-2020-12014 · Universal Robots · Universal Robots Robot Controllers

Name of the Vulnerable Software and Affected Versions: Universal Robots Robot Controllers versions 1.4 and upwards Universal Robots Robot Controllers CB3 SW Version 3.0 and upwards Universal Robots Robot Controllers e-series SW Version 5.0 and upwards Description: The issue concerns the exposure ...

Cross site scripting

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...

Server side request forgery (ssrf)

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation port-scanning and to perform requests to adjacent workstations network-scanning, aka SSRF...

CVE-2019-6514

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...

CVE-2019-6516

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation port-scanning and to perform requests to adjacent workstations network-scanning, aka SSRF...

CVE-2019-6514

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...

CVE-2019-6516

CVE-2019-6516 affects WSO2 Dashboard Server 2.0.0. It enables an SSRF flaw where an attacker can coerce the application to make requests to internal workstations (port-scanning) and to adjacent systems (network-scanning). Root cause described as server-side request forgery in the affected compone...

CVE-2019-6514

The CVE-2019-6514 entry affects WSO2 Dashboard Server 2.0.0 and describes a stored XSS flaw: a JavaScript payload can be injected and stored in the database, then displayed and executed on the same page. The documentation notes remediation via security patch releases from WSO2 (see references). N...

CVE-2019-6514

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...

Security Bulletin: Information Disclosure Vulnerability in Tivoli Business Service Manager (CVE-2016-0286)

Summary Information about an information disclosure security vulnerability affecting Tivoli Business Service Manager TBSM is published in this security bulletin. Manipulation of communication between the TBSM Dashboard server and the TBSM Data Server could result in information disclosure...

WSO2 Identity Server 5.3.0 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...

WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...

Cross site scripting

The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is...

CVE-2017-14995

CVE-2017-14995: A stored XSS vulnerability in the Management Console affects multiple WSO2 products (WSO2 Application Server 5.3.0; WSO2 Business Process Server 3.6.0; WSO2 Business Rules Server 2.2.0; WSO2 Complex Event Processor 4.2.0; WSO2 Dashboard Server 2.0.0; WSO2 Data Analytics Server 3.1...

CVE-2012-1464

Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party informatio...

Design/Logic Flaw

Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party informatio...