44 matches found
CVE-2023-6381
Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file file with SMB extension to a user via a link or email attachment and persuade the user to open the file...
PT-2023-32636 · Unknown · Supermailer
Name of the Vulnerable Software and Affected Versions: Newsletter Software SuperMailer version 11.20.0.2204 Description: The issue is related to improper input validation, which can be exploited by sending a malicious configuration file with an SMB extension to a user via a link or email...
The vulnerability of the GE Proficy HMI/SCADA iFIX software control system lies in improper code generation, which allows attackers to gain full control over the software.
The vulnerability of the GE Proficy HMI/SCADA iFIX supervisory control software lies in improper code generation. Exploiting this vulnerability can allow an attacker to gain full control over the software by introducing a malicious configuration file into the expected web server execution path...
PT-2023-6557 · Siemens · Tia Portal
Name of the Vulnerable Software and Affected Versions: Totally Integrated Automation Portal TIA Portal versions V15 through V18 Update 1, with the following specifics: TIA Portal versions V15 TIA Portal versions V16 through V16 Update 7 TIA Portal versions V17 through V17 Update 6 TIA Portal...
Path traversal
A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes 'zip-slip'. File writes do not affect confidentiality or availability...
CVE-2022-40977 PILZ: PASvisu and PMI affected by ZipSlip
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes 'zip-slip'. File writes do not affect confidentiality or availability...
PT-2022-21768
Name of the Vulnerable Software and Affected Versions ICONICS GENESIS64 versions 10.97.1 and prior Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior Description The issue allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a project...
in pytorchlightning/pytorch-lightning
Description There is untrusted YAML Deserialization vulnerability on PyTorchLightning Github repository. PyTorchLightning's saving.py core.saving.loadhparamsfromyaml functionality is calling "yaml.UnsafeLoader" from pyyaml Python library which is not secure method. Because of that, maliciously...
Schneider Electric Eurotherm by Schneider Electric GUIcon 缓冲区错误漏洞
Schneider Electric Eurotherm by Schneider Electric GUIcon is a suite of graphical user interface programming software from Schneider Electric France. Schneider Electric Eurotherm by Schneider Electric GUIcon suffers from a buffer error vulnerability that originates when a malicious .gd1...
Schneider Electric Eurotherm by Schneider Electric GUIcon 缓冲区错误漏洞
Schneider Electric Eurotherm by Schneider Electric GUIcon is a graphical user interface programming software from Schneider Electric France. Schneider Electric GUIcon suffers from a buffer overflow vulnerability that originates when a malicious .gd1 configuration file is loaded into the GUIcon...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2021-22759
A CWE-416: Use after free vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22755
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22756
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition...
Schneider Electric IGSS 缓冲区错误漏洞
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...
CVE-2021-22710
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF Configuration Group File file is imported to IGS...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context. P...
CVE-2020-36167
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...
Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability
The Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...
Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability
The Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...