Beckhoff TwinCAT Security Vulnerability

Beckhoff TwinCAT is a PC-based motion control software for industrial control applications from Beckhoff Germany. The software is based on Windows-based control and automation technology and converts any PC-based system into a real-time control system with multiple PLCs, NCs, CNCs and robotics...

McAfee Endpoint Security for Windows 10.6.1 / 10.7.0 September 2020 Update < 10.6.1 / 10.7.1 November 2020 Update Multiple Vulnerabilities (SB10335)

The version of the McAfee Endpoint Security ENS for Windows installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows...

CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files...

CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files...

Default credentials

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files...

Lemocms Code Issues Vulnerabilities

Lemocms is a backend administration site builder developed by Lemocms Community based on ThinkPhp. A security vulnerability exists in lemocms version 1.8.x. The vulnerability stems from allowing users to upload files to upload executable files in appadmincontrollersysUploads.php...

CVE-2020-26552

An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...

CVE-2020-13958

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

CVE-2020-13958

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

CVE-2020-13958

Summary: CVE-2020-13958 affects Apache OpenOffice

CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...

Design/Logic Flaw

Unquoted service executable path in McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...

Path Traversal

node-downloader-helper is vulnerable to path traversal. Lack of sanitization of user-provided file path allows malicious server to traverse the file path in victim machine and install an executable in the start up folder...

PT-2020-16679 · Flexdotnetcms · Flexdotnetcms

Name of the Vulnerable Software and Affected Versions: FlexDotnetCMS versions prior to 1.5.9 Description: The issue allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code in the form of a safe file type and then renaming the...

Citrix RDSWatcher

Description RDSWatcher is an advanced Remote Desktop Services session state monitor and logger. It watches all sessions on any Windows machine and logs all session state changes with time stamp as accurately as twice a second. RDSWatcher provides the connection status of current sessions and is...

RealTime Optimization Pack Capability Checker

RealTime Optimization Pack Capability Checker v2.4.0 Created Date: Mar 22, 2017 Updated Date: Apr 30, 2018 Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will...

RansomEXX Trojan attacks Linux systems

We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach ...

CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

CVE-2020-13537

Moxa MXView Series 3.1.8 is affected by local privilege escalation vulnerabilities (CVE-2020-13537) where an attacker can gain SYSTEM privileges by abusing filesystem permissions. By default MXViewService runs with NT SYSTEM and executes a chain of Node.js scripts; an attacker can either add code...