
2671 matches found

NVD
added 2024/07/11 3:15 a.m. | 17 views

CVE-2024-23194

Improper output Neutralization for Logs CWE-117 in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 MR1...

3.3 CVSS | 0.00043 EPSS
Exploits 0 | References 1

CNNVD
added 2024/07/11 12:0 a.m. | 2 views

Gallagher Command Centre security breach

Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre vEL9.10.1268 MR1 prior to v9.10, which stems from improperly neutralized log output that may give an attacker limited...

3.3 CVSS | 6.7 AI score | 0.00043 EPSS
Exploits 0 | References 2

CNNVD
added 2024/07/11 12:0 a.m. | 3 views

Juniper Networks Junos OS Evolved Security Vulnerability

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. A security vulnerability exists in Juniper Networks Junos OS Evolved that stems from a lack of authorization vulnerability that could allow an authenticated, low-privileged local attacker to modify certain...

7.3 CVSS | 6.5 AI score | 0.0008 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2024/07/05 12:0 a.m. | 2 views

The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer allows a perpetrator to gain access to modify arbitrary files.

The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer is related to the use of dangerous HTTP methods. Exploiting this vulnerability can allow a malicious actor to remotely access and modify arbitrary files...

7.8 CVSS | 7.3 AI score | 0.00297 EPSS
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2024/07/01 8:20 p.m. | 33 views

CVE-2023-42503

A flaw was found in Apache Commons Compress, where it would permit the creation of a malformed TAR file by manipulating file modification time headers. This issue can lead to excessive CPU consumption and a denial of service, affecting the availability...

5.5 CVSS | 5.4 AI score | 0.00014 EPSS
Exploits 0 | References 4

NVD
added 2024/06/27 10:15 a.m. | 18 views

CVE-2024-0949

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8 CVSS | 0.00027 EPSS
Exploits 0 | References 2

Vulnrichment
added 2024/06/27 9:36 a.m. | 7 views

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8 CVSS | 5.8 AI score | 0.00027 EPSS
Exploits 0 | References 2

Japan Vulnerability Notes
added 2024/06/18 5:56 a.m. | 3 views

Multiple vulnerabilities in Ricoh Streamline NX PC Client

Overview: Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. ricoh-2024-000004: Improper restriction of communication channel to intended endpoints (CWE-923) - CVE-2024-36252; ricoh-2024-000005: Use of hard-coded credentials (CWE-798) -...

9.8 CVSS | 7.2 AI score | 0.00191 EPSS
Exploits 0 | References 10

CNVD
added 2024/06/12 12:0 a.m. | 4 views

Hazardous Method or Function Vulnerability Exposed by Siemens SINEC Traffic Analyzer

SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer has an exposed dangerous method or...

7.5 CVSS | 6.9 AI score | 0.00297 EPSS
Exploits 0 | References 1

NVD
added 2024/06/11 12:15 p.m. | 13 views

CVE-2024-35209

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files...

7.5 CVSS | 0.00297 EPSS
Exploits 0 | References 1

OSV
added 2024/06/11 12:15 p.m. | 3 views

CVE-2024-35209

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V1.2. The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files...

6.9 CVSS | 5.7 AI score | 0.00297 EPSS
Exploits 0 | References 1

CNNVD
added 2024/06/11 12:0 a.m. | 2 views

Siemens SINEC Traffic Analyzer Security Vulnerability

SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer has an exposed dangerous method or...

7.5 CVSS | 6.9 AI score | 0.00297 EPSS
Exploits 0 | References 3

NVD
added 2024/06/07 6:15 a.m. | 12 views

CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

9.8 CVSS | 0.72422 EPSS
Exploits 2 | References 1

Positive Technologies
added 2024/06/07 12:0 a.m. | 5 views

PT-2024-31920

Name of the Vulnerable Software and Affected Versions: ARForms - Premium WordPress Form Builder Plugin versions prior to 6.6. Description: The issue allows unauthenticated users to modify uploaded files, enabling the upload of PHP code when an upload file input is included on a form. Recommendations...

9.8 CVSS | 5.5 AI score | 0.72422 EPSS
Exploits 2 | References 7

Cvelist
added 2024/06/04 8:54 a.m. | 17 views

CVE-2023-5751 CODESYS: Development system prone to DoS through exposure of resource to wrong sphere

A local attacker with low privileges can read and modify any user's files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere...

7.8 CVSS | 7.4 AI score | 0.00097 EPSS
Exploits 0 | References 2

WPVulnDB
added 2024/05/17 12:0 a.m. | 14 views

ArForms < 6.6 - Unauthenticated RCE

Description: The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. PoC: 1. Create a form with an upload input. 2. As an unauthenticated user, upload an image file and intercept the request. 3...

9.5 AI score | 0.72422 EPSS
Exploits 2 | Affected Software 1

NVD
added 2024/04/26 3:15 a.m. | 10 views

CVE-2024-4163

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...

8 CVSS | 7.7 AI score | 0.00082 EPSS
Exploits 0 | References 1

Cvelist
added 2024/04/26 2:26 a.m. | 10 views

CVE-2024-4163 Privilege Escalation on Skylab IIoT Gateway (IGX)

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...

8 CVSS | 7.9 AI score | 0.00082 EPSS
Exploits 0 | References 1

OSV
added 2024/04/05 5:15 p.m. | 12 views

GHSA-2P2X-P7WJ-J5H2 PsiTransfer: File integrity violation

Summary: The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. Details: Vulnerable endpoint: PATCH /files/id PoC: 1. Create a file distribution. 2. Go to the...

6.5 CVSS | 6.3 AI score | 0.00186 EPSS
Exploits 0 | References 4

Github Security Blog
added 2024/04/05 5:15 p.m. | 27 views

PsiTransfer: File integrity violation

Summary: The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. Details: Vulnerable endpoint: PATCH /files/id PoC: 1. Create a file distribution. 2. Go to the...

6.5 CVSS | 7.1 AI score | 0.00186 EPSS
Exploits 0 | References 4 | Affected Software 1