Command Injection

gitblame is vulnerable to command injection. The vulnerability exists because the module.export function of gitblame.js does not properly sanitize the file parameter inside the exec functionality, allowing an attacker to inject and execute malicious code...

Will Not Work If Signatures Are Not Sorted

Lines of code Vulnerability details Commands cannot be executed if the signatures submitted are not stored. Proof-of-Concept Consider the following is submitted to the AxelarAuthWeighted.validateSignatures function. Operators = Alice, Bob, Charles Signatures = Charles's Signature, Bob's Signature...

CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...

GSD-2022-1004431 xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses()

xen-netfront: restore skbqueuetail positioning in xennetgetresponses This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.53 by commit...

Authentication flaw

Saia Burgess Controls SBC PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls SBC PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The...

CVE-2022-30319

Saia Burgess Controls SBC PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls SBC PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The potential impact is:...

CVE-2022-30320

Saia Burgess Controls SBC PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls SBC PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The...

CVE-2022-30320

The CVE-2022-30320 entry concerns Saia Burgess Controls (SBC) PCD and its S-Bus authentication over UDP (5050). The root cause is use of a CRC-16 based hash for password verification in the S-Bus write-byte authentication, which is not cryptographically secure. Reported impact is authentication b...

CVE-2022-29953

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

Hardcoded credentials

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

CVE-2022-30270

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

CVE-2022-29953

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

CVE-2020-36290

The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting XSS...

GHSA-V42Q-78W8-8FCC set-deep-prop Prototype Pollution

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...

set-deep-prop Prototype Pollution

All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality...

Inductive Automation Ignition

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

Lin CMS Spring Boot 安全漏洞

Lin CMS Spring Boot is a SpringBoot-based CMS/DMS/Management System development framework from the team at TaleLin. A security vulnerability exists in Lin CMS Spring Boot version v0.2.1, which can be exploited by an attacker to access back-end information and functionality within an application...

Design/Logic Flaw

Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a...

CVE-2021-29788

CVE-2021-29788 affects IBM Engineering Requirements Quality Assistant On-Premises (all versions). A cross-site scripting vulnerability arises from inadequate data validation/output filtering, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials wit...

Ambit Technologies iTech Freelancer Script SQL注入漏洞

Ambit Technologies iTech Freelancer Script is a popular and cost-effective solution from Ambit Technologies India for launching your freelancer website. Ambit Technologies Itech Freelancer Script version 5.13 suffers from a security vulnerability that stems from the presence of unknown...