482 matches found
PT-2023-5067 · Microsoft · Azure Kubernetes Service
Name of the Vulnerable Software and Affected Versions: Microsoft Azure Kubernetes Service (affected versions not specified). Description: The issue is related to insufficient access controls in the Microsoft Azure Kubernetes Service, which can be exploited by a remote attacker to elevate their...
Tinycontrol LAN Controller 3 Remote Admin Password Change Exploit
#!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...
Tinycontrol LAN Controller 3 Remote Admin Password Change
#!/bin/bash : " Tinycontrol LAN Controller v3 LK3 Remote Admin Password Change Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readings of vario...
Tinycontrol LAN Controller v3 (LK3) Remote Admin Password Change
Summary Lan Controller is a very universal device that allows you to connect many different sensors and remotely view their readings and remotely control various types of outputs. It is also possible to combine both functions into an automatic if - this with a calendar when - then. The device...
PT-2023-7056 · Technicolor · Technicolor Tg670
Name of the Vulnerable Software and Affected Versions: Technicolor TG670 version 10.5.N.9. Description: The issue concerns the presence of multiple accounts with hard-coded passwords in the Technicolor TG670 device. One of these accounts has administrative privileges, which can allow for...
Loxone Miniserver OS Command Injection Vulnerability
Loxone Miniserver is a server from Loxone, Inc. that automates equipment in buildings, houses, and homes to provide energy management, monitoring, and other functions. A security vulnerability exists in Loxone Miniserver Go Gen.2 versions prior to 14.1.5.9, which stems from a websocket...
CVE-2023-0971
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered...
Authentication flaw
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered...
ASUS RT-AC86U Buffer Error Vulnerability
The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from a buffer overflow vulnerability that originates from a boundary error when handling untrusted input, which can be exploited by a remote attacker with administrator privileges to execute...
CVE-2023-27512
Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation...
Contec SolarView Compact Trust Management Issue Vulnerability
Contec SolarView Compact is an application system from Contec Japan. It provides a measurement system for photovoltaic power generation. A security vulnerability exists in Contec SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10, which stems from the presence of...
Stored Cross-Site Scripting (XSS)
backdrop/backdrop is vulnerable to Stored Cross-Site Scripting (XSS) attacks. A remote admin authenticated attacker is able to inject arbitrary web scripts or HTML through the name argument in Text Editors and Formats, modifying any sort of material, which allows the stored XSS payload to be execut...
Multiple vulnerabilities in SolarView Compact
Overview: SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below. Use of hard-coded credentials (CWE-798) - CVE-2023-27512; OS command injection in the download page (CWE-78) - CVE-2023-27514; Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518; OS...
Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could b...
CVE-2022-36963
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands...
Atos Unify OpenScape SBC Command Injection Vulnerability
Atos Unify OpenScape SBC is a datacenter-ready virtualization security application from Atos France. It is used to securely extend your applications beyond the network perimeter. A security vulnerability exists in Atos Unify OpenScape SBC 10 versions prior to 10R3.1.3, OpenScape Branch 10 version...
PT-2023-21091 · Conprosys · Conprosys Iot Gateway +3
Name of the Vulnerable Software and Affected Versions: CONPROSYS M2M Gateway versions 3.7.10 and earlier; CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier; CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier. Description: Inadequate encryption strength...
Delta Electronics InfraSuite Device Master Access Control Error Vulnerability
Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. An authentication error vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited by an attacker to achiev...
CVE-2022-22512
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...
CVE-2022-47504
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...