888 matches found
CVE-2023-37225
Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links...
Pexip Infinity Security Vulnerability
Pexip Infinity is a cloud collaboration platform for video conferencing from Pexip Norway. The product provides high quality and secure cloud conferencing capabilities. A security vulnerability exists in Pexip Infinity prior to version 32, which stems from a cross-site scripting (XSS) vulnerability...
PT-2023-23338 · Pexip · Pexip Infinity
Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions prior to 31.2. Description: The issue is related to improper input validation for RTCP, which allows remote attackers to trigger an abort. Recommendations: For versions prior to 31.2, update to version 31.2 or later to...
CVE-2023-37225
Pexip Infinity before version 32 contains a cross-site scripting (XSS) flaw in the Webapp1 component via preconfigured links. Affected product: Pexip Infinity prior to 32. Root cause: XSS in the legacy Webapp1 workflow. Impact, per sources, centers on client-side script execution with user intera...
CVE-2023-31289
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort...
CVE-2023-31455
Pexip Infinity prior to version 31.2 is affected by an Improper Input Validation in RTCP handling. The root cause is improper validation of RTCP inputs, which allows remote attackers to trigger an abort. Affected product: Pexip Infinity (versions before 31.2). Impact as described: possibility to ...
CVE-2023-32088
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation...
PT-2023-23597 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.1 to Infinity 23.1.0. Description: The issue is related to an XSS problem with ad-hoc case creation. Recommendations: For Pega Platform versions 8.1 to Infinity 23.1.0, at the moment, there is no information about a...
Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting
Title: Infinity Market Classified Ads Script 1.6.2 XSS via file uploads Vulnerability
Author: indoushka
Tested on: Windows 10 Français V.Pro
Vendor...
Blst has logical error in SigValidate in Go bindings
Impact Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...
PT-2023-35499 · Base +1 · Base +1
Name of the Vulnerable Software and Affected Versions: base (affected versions not specified), toml-reader versions 0.1.0.0. Description: The issue is related to memory exhaustion with large exponents in the readFloat function. Processing a number expressed in scientific notation with a very large...
The vulnerability of the software and hardware components of SCADA systems, such as the ABB Pulsar Plus System Controller NE843_S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power Plant H5692448 G630-4, Infinity DC Power Plant H5692448 G451C(2), Infinity DC Power Plant H5692448 G461(2), arises due to insufficient validation of input data. This vulnerability allows attackers to execute CSRF attacks.
The vulnerabilities of the software and hardware components of SCADA systems, such as ABB Pulsar Plus System Controller NE843S, Infinity DC Power Plant H5692448 G104, Infinity DC Power Plant H5692448 G842, Infinity DC Power Plant H5692448 G224L, Infinity DC Power Plant H5692448 G630-4, Infinity D...
Code injection
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the Infinity keyword (case-sensitive!) and execute any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6...
FastAsyncWorldEdit Resource Management Error Vulnerability
FastAsyncWorldEdit is a fork of WorldEdit with huge speed and memory improvements and many more features. A resource management error vulnerability exists in FastAsyncWorldEdit FAWE versions prior to 2.6.3, which stems from a vulnerability that allows an attacker to select the Shuowei region with...
GHSA-WHJ9-M24X-QHHP FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Coordinated Disclosure Timeline
- 10.06.2023: Issue reported to IntellectualSites
- 11.06.2023: Issue is acknowledged
- 12.06.2023: Issue has been fixed
- 22.06.2023: Advisory has been published
Impacted version range: Before 2.6.3
Details
Proof of Concept
As a user, do the following: 1. Select...
PT-2023-25384 · Unknown · Fastasyncworldedit
Name of the Vulnerable Software and Affected Versions: FastAsyncWorldEdit versions prior to 2.6.3. Description: This issue enables an attacker to select a region with the Infinity keyword and execute any operation, potentially bringing the server down. The attacker can exploit this by selecting a...
ABB Pulsar Plus Controller
1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ABB
Equipment: Pulsar Plus Controller
Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF)
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could...
infinity-best.com Cross Site Scripting vulnerability OBB-3242354
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-26080
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant. This issue affects Pulsar Plus System Controller NE843S: comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G4612 – comcode 150047415...
Design/Logic Flaw
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant. This issue affects Pulsar Plus System Controller NE843S: comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G4612 – comcode 150047415...