19 matches found
CVE-2026-40503
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
CVE-2026-40502
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
CVE-2026-40502 OpenHarness Remote Administrative Command Injection via Gateway Handler
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...
CVE-2026-40503 OpenHarness Path Traversal Information Disclosure via /memory show
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
OpenHarness 安全漏洞
OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU. Previous versions of OpenHarness had security vulnerabilities, which stemmed from insufficient differentiation between local commands and remote secure commands processed by the gateway. This vulnerabili...
PT-2026-33196
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...
GHSA-83F3-HH45-VFW9 OpenClaw: Android accepted cleartext remote gateway endpoints and sent stored credentials over ws://
Summary Before OpenClaw 2026.4.2, Android accepted non-loopback cleartext ws:// gateway endpoints and would send stored gateway credentials over that connection. Discovery beacons or setup codes could therefore steer the client onto a cleartext remote endpoint. Impact A user who followed a forged...
PT-2025-44082
Name of the Vulnerable Software and Affected Versions Yonyou U8 Cloud versions prior to 5.1sp Description A flaw exists in Yonyou U8 Cloud that allows for unrestricted file upload. This issue stems from manipulation of the ts/sign argument within a request header handled by an unknown function in...
EUVD-2019-7972
Malware in sbrugna...
CVE-2019-17667
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...
CVE-2019-17667
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...
Cross site scripting
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...
CVE-2019-17667
Summary of CVE-2019-17667 : Affected product is the Comtech H8 Heights Remote Gateway, version 2.5.1. The cited issue is an XSS/HTML injection vulnerability exposed through the SiteName field. The connected PT-2019-15246 entry confirms the affected software/versions and provides a concrete remedi...
CVE-2019-17667
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...
PT-2019-15246
Name of the Vulnerable Software and Affected Versions Comtech H8 Heights Remote Gateway version 2.5.1 Description The issue allows for XSS and HTML injection attacks through the SiteName field. Recommendations For Comtech H8 Heights Remote Gateway version 2.5.1, avoid using the SiteName field unt...
Pandora FMS 5.0RC1 Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Pandora FMS Remote Code Execution", 'Description' = %q This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It...
DEBIAN-CVE-2012-6128
Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...
CVE-2010-3302
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long 1 ciscodnsinfo or 2 ciscodomaininfo data in a packet...