
9454 matches found

ICS
added 2023/05/18 6:0 a.m. · 30 views

Mitsubishi Electric MELSEC WS Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: WS0-GETH00200 Vulnerabilities: Active Debug Code 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-138-02...

8.6 CVSS · 8.4 AI score · 0.00441 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2023/05/17 12:0 a.m. · 35 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : libwebp vulnerability (USN-6078-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6078-1 advisory. Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked...

7.5 CVSS · 7.4 AI score · 0.00353 EPSS
Exploits 0 · References 2

NVD
added 2023/05/16 5:15 p.m. · 13 views

CVE-2023-33002

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

5.4 CVSS · 5.3 AI score · 0.11715 EPSS
Exploits 0 · References 1

Cvelist
added 2023/05/16 4:0 p.m. · 10 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted...

5.4 AI score · 0.17435 EPSS
Exploits 0 · References 1

AlpineLinux
added 2023/05/16 4:0 p.m. · 17 views

CVE-2023-32984

Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted...

5.4 CVSS · 5.6 AI score · 0.17435 EPSS
Exploits 0 · References 1

The Hacker News
added 2023/05/15 1:24 p.m. · 76 views

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the...

10 CVSS · 9.5 AI score · 0.0153 EPSS
Exploits 0

ICS
added 2023/05/12 6:9 p.m. · 65 views

SDG PnPSCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...

9.8 CVSS · 9.1 AI score · 0.00443 EPSS
Exploits 3 · References 5

ICS
added 2023/05/11 10:14 p.m. · 27 views

Rockwell Automation PanelView 800

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code...

10 CVSS · 10 AI score · 0.00629 EPSS
Exploits 1 · References 5

Prion
added 2023/05/11 2:15 p.m. · 16 views

Sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely...

6.5 CVSS · 9.6 AI score · 0.00417 EPSS
Exploits 1 · References 3 · Affected Software 1

ICS
added 2023/05/11 6:0 a.m. · 97 views

Teltonika Remote Management System and RUT Model Routers

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Teltonika Equipment: Remote Management System and RUT model routers Vulnerabilities: Observable Response Discrepancy, Improper Authentication, Server-Side Request Forgery, Cross-site Scripting, Inclusio...

9.8 CVSS · 9.5 AI score · 0.00871 EPSS
Exploits 0 · References 10

Positive Technologies
added 2023/05/11 12:0 a.m. · 3 views

PT-2023-20762 · Sourcecodester · Sourcecodester Online Computer/Laptop Store

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue affects the processing of the file /classes/Master.php, where the manipulation of the id argument leads to sql injection. The attack can be initiated...

9.8 CVSS · 7 AI score · 0.00316 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/05/11 12:0 a.m. · 4 views

PT-2023-20660 · Unknown · Weaver E-Office

Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue was found in the File Upload Handler component, specifically in the /webroot/inc/utility all.php file, which leads to command injection. This issue can be exploited remotely. The vendo...

8.8 CVSS · 6.9 AI score · 0.13692 EPSS
Exploits 1 · References 5

WPVulnDB
added 2023/05/10 12:0 a.m. · 13 views

AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type:...

7.2 CVSS · 9.6 AI score · 0.06366 EPSS
Exploits 2 · Affected Software 1

UbuntuCve
added 2023/05/05 3:15 p.m. · 22 views

CVE-2023-29935

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.countop && "operation was already replaced...

5.5 CVSS · 6.4 AI score · 0.0004 EPSS
Exploits 0 · References 1

ICS
added 2023/05/05 6:0 a.m. · 48 views

Hitachi Energy's RTU500 Series Product (UPDATE B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...

9.8 CVSS · 9.1 AI score · 0.88334 EPSS
Exploits 3 · References 8

Tenable Nessus
added 2023/05/03 12:0 a.m. · 21 views

GLSA-202305-06 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-06 Mozilla Firefox: Multiple Vulnerabilities - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox This bug only affects Thunderbird for Linux...

9.8 CVSS · 8.5 AI score · 0.00902 EPSS
Exploits 0 · References 24

RedHat Linux
added 2023/05/02 1:6 p.m. · 3 views

Mozilla: libwebp: Double-free in libwebp

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

7.5 CVSS · 7.4 AI score · 0.00353 EPSS
Exploits 0 · References 6

RedHat Linux
added 2023/05/02 12:46 p.m. · 3 views

Mozilla: libwebp: Double-free in libwebp

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

7.5 CVSS · 7.4 AI score · 0.00353 EPSS
Exploits 0 · References 6

RedHat Linux
added 2023/05/02 8:7 a.m. · 4 views

Mozilla: libwebp: Double-free in libwebp

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

7.5 CVSS · 7.4 AI score · 0.00353 EPSS
Exploits 0 · References 6

RedHat Linux
added 2023/05/02 8:0 a.m. · 3 views

Mozilla: libwebp: Double-free in libwebp

The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...

7.5 CVSS · 7.4 AI score · 0.00353 EPSS
Exploits 0 · References 6