
75 matches found

Positive Technologies
added 2022/10/31 12:00 a.m. · 2 views

PT-2022-18505 · Unknown · Flexi-Compact Flx3-Cpuc1 +1

Name of the Vulnerable Software and Affected Versions: Flexi-Compact FLX3-CPUC1 (affected versions not specified), Flexi-Compact FLX3-CPUC2 (affected versions not specified). Description: A remote unprivileged attacker can interact with the configuration interface to potentially impact the availability...

CVSS 9.1 · AI score 9 · EPSS 0.00335
Exploits 0 · References 2

Positive Technologies
added 2022/10/18 12:00 a.m. · 2 views

PT-2022-5653 · Oracle +1 · Virtualbox +1

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.40. Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing an unauthenticated attacker with network access via VRDP to compromise...

CVSS 10 · AI score 5.8 · EPSS 0.09718
Exploits 1 · References 118

OSV
added 2022/05/13 1:36 a.m. · 2 views

GHSA-WJ5C-J656-H5FW Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

In Jenkins before versions 2.44 and 2.32.2, node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343)...

CVSS 4.3 · AI score 5.9 · EPSS 0.00034
Exploits 0 · References 5

Gitee
added 2021/09/27 3:04 p.m. · 3 views

PrintNightmare

This is a PoC (Proof of Concept) exploit for the PrintNightmare vulnerability, which affects the Windows Print Spooler service. The repository contains a Visual Studio solution file (EXP/POC.sln) that includes a C++ project (POC) with a main function. The project uses the RPC (Remote Procedure Call) client...

AI score 7.8
Exploits 0

CNNVD
added 2021/03/18 12:00 a.m. · 0 views

Grafana Security Vulnerability

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana before 7.4.1 that allows an unauthenticated...

CVSS 7.5 · AI score 8 · EPSS 0.92396
Exploits 0 · References 10

Zero Day Initiative
added 2020/09/23 12:00 a.m. · 26 views

Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JMX remote interface. This interface...

CVSS 9.8 · AI score 4.9 · EPSS 0.03533
Exploits 0 · References 1

Positive Technologies
added 2020/08/07 12:00 a.m. · 1 views

PT-2020-14789 · Temi · Temi Robox Os +1

Name of the Vulnerable Software and Affected Versions: temi Robox OS versions prior to 120; temi Android app versions up to 1.3.7931. Description: The issue allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests. Recommendations: For temi...

CVSS 6.5 · AI score 6.4 · EPSS 0.00145
Exploits 1 · References 3

OSV
added 2020/07/29 2:15 p.m. · 0 views

CVE-2020-2077

SICK Package Analytics software up to and including version V04.0.0 is vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 1

CNVD
added 2020/03/17 12:00 a.m. · 3 views

docker-compose-remote-api injection vulnerability

docker-compose-remote-api is a connection interface between Docker-Compose and the Docker Remote API. An injection vulnerability exists in docker-compose-remote-api 0.1.4 and earlier versions, which stems from the 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' function failing to clean up. Th...

CVSS 9.8 · AI score 7.9 · EPSS 0.00426
Exploits 1 · References 1

OSV
added 2020/03/15 10:15 p.m. · 0 views

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization...

CVSS 9.8 · AI score 7.5
Exploits 0 · References 1

Tenable Nessus
added 2019/05/08 12:00 a.m. · 16 views

ABB SREA-01 Communications Adapter Detection

Binary data 761513.prm...

AI score 7.3
Exploits 0

CNVD
added 2019/04/26 12:00 a.m. · 0 views

DLL Hijacking Vulnerability in Display Control Remote HMI

Shenzhen Xianzhong Technology is a national high-tech enterprise specializing in the research and development, production, sales and service of Industry 4.0 core products. There is a dll hijacking vulnerability in Remote HMI. Attackers can construct a malicious application placed in a specific...

AI score 7.2
Exploits 0

CNVD
added 2018/09/28 12:00 a.m. · 2 views

TP-Link EAP Controller for Linux Authentication Bypass Vulnerability

TP-Link EAP Controller for Linux is a set of software for remote control of wireless AP access point devices based on Linux platform from China's TP-LINK. A security vulnerability exists in EAP Controller for Linux, which originates from the RMI interface not requiring authentication before use. ...

CVSS 10 · AI score 9.7 · EPSS 0.15085
Exploits 0 · References 1

CNVD
added 2018/03/19 12:00 a.m. · 2 views

SQL Injection Vulnerability in iReader Digital Resources Remote Access Management System

The iReader Digital Resources Remote Access Management System is a software system tailored for digital library patrons to remotely access the library's digital resources. A SQL injection vulnerability exists in the iReader Digital Resources Remote Access Management System...

AI score 7.8
Exploits 0

CNVD
added 2017/12/06 12:00 a.m. · 2 views

Claymore Dual GPU miner buffer overflow vulnerability

Claymore Dual GPU miner is GPU monitoring software for virtual currency mining. A buffer overflow vulnerability exists in the remote management interface's request handler in Claymore Dual GPU miner version 10.1. The vulnerability can be exploited by a remote attacker to execute...

CVSS 10 · AI score 8.2 · EPSS 0.53864
Exploits 4 · References 1

NVD
added 2017/10/04 1:29 a.m. · 8 views

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

CVSS 9.9 · AI score 9.5 · EPSS 0.00337
Exploits 0 · References 4

CNVD
added 2016/04/12 12:00 a.m. · 2 views

Apache Jetspeed User Manager Unauthorized Operation Vulnerability

Apache Jetspeed is an open portal platform and enterprise information portal developed in Java and XML by the Apache Software Foundation (United States). User Manager service is one of its user management services. An unauthorized operation vulnerability exists in the User...

CVSS 7.5 · AI score 6.7 · EPSS 0.16605
Exploits 0 · References 1

Zero Day Initiative
added 2015/10/02 12:00 a.m. · 153 views

VMware vCenter Server JMX RMI Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the configuration of the JMX remote interface. This interface allows a remote attack...

CVSS 10 · AI score 8.2 · EPSS 0.92031
Exploits 2 · References 1

CNVD
added 2015/07/02 12:00 a.m. · 2 views

EMC Secure Remote Services Virtual Edition Unauthorized Access Vulnerability

EMC Secure Remote Services Virtual Edition is the virtual edition of the Remote Services software that provides two-way remote connectivity between EMC customer service and end-user EMC products and solutions. EMC Secure Remote Services Virtual Edition system to create a session COOKIE is not...

CVSS 9.3 · AI score 7 · EPSS 0.00827
Exploits 0 · References 1

seebug.org
added 2014/07/01 12:00 a.m. · 25 views

Huawei EchoLife HG520c Denial of Service and Modem Reset

No description provided by source. Exploit Title: Huawei EchoLife HG520c Denial of Service and Modem Reset. Date: 2010-04-19. Author: hkm. Product Link: http://www.huawei.com/mobileweb/en/products/view.do?id=660. Firmware Versions: 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0, 3.10.18.4. Software Versions:...

AI score 7.1
Exploits 0