4930 matches found

CVE
added 2019/10/31 4:25 p.m. | 48 views

CVE-2019-18464

CVE-2019-18464 affects Progress MOVEit Transfer REST API across the affected branches: 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3). The vulnerability is SQL Injection in the REST API that can allow an unauthenticated attacker to gain unauthorized ...

CVSS 9.8 | AI score 10 | EPSS 0.00104
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2019/10/31 4:25 p.m. | 14 views

CVE-2019-18464

In Progress MOVEit Transfer 10.2 before 10.2.6 2018.3, 11.0 before 11.0.4 2019.0.4, and 11.1 before 11.1.3 2019.1.3, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the...

AI score 10 | EPSS 0.00104
Exploits 0 | References 4

NVD
added 2019/10/29 7:15 p.m. | 13 views

CVE-2019-6848

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU BMEx58 and Modicon M580 communication module BMENOC0311, BMENOC0321 see notification for version info, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API...

CVSS 8.6 | AI score 8.5 | EPSS 0.0267
Exploits 0 | References 1

NVD
added 2019/10/29 7:15 p.m. | 17 views

CVE-2019-6850

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module...

CVSS 7.5 | AI score 7.3 | EPSS 0.00322
Exploits 0 | References 1

Prion
added 2019/10/29 7:15 p.m. | 17 views

Information disclosure

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module...

CVSS 5 | AI score 7.3 | EPSS 0.00322
Exploits 0 | References 1

Prion
added 2019/10/29 7:15 p.m. | 18 views

Design/Logic Flaw

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU BMEx58 and Modicon M580 communication module BMENOC0311, BMENOC0321 see notification for version info, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API...

CVSS 5 | AI score 8.4 | EPSS 0.0267
Exploits 0 | References 1

Prion
added 2019/10/29 7:15 p.m. | 17 views

Information disclosure

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module...

CVSS 5 | AI score 7.3 | EPSS 0.00322
Exploits 0 | References 1

CVE
added 2019/10/29 2:54 p.m. | 61 views

CVE-2019-6850

The CVE-2019-6850 issue affects Schneider Electric Modicon M580 and BMENOC 0311/0321. The vulnerability is an information disclosure (CWE-200) that occurs when reading specific registers via the controller/communication module REST API, allowing exposure of sensitive data. Root cause is informati...

CVSS 7.5 | AI score 7.2 | EPSS 0.00322
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/29 2:54 p.m. | 27 views

CVE-2019-6850

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module...

AI score 7.3 | EPSS 0.00322
Exploits 0 | References 1

Cvelist
added 2019/10/29 2:53 p.m. | 19 views

CVE-2019-6849

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module...

AI score 7.3 | EPSS 0.00322
Exploits 0 | References 1

CVE
added 2019/10/29 2:53 p.m. | 93 views

CVE-2019-6849

CVE-2019-6849 affects Schneider Electric Modicon M580 controllers and BMENOC 0311/0321 modules, where certain Modbus REST API services may disclose sensitive information. The root cause is an information-exposure vulnerability (CWE-200) in the Modbus services exposed by the controller/communicati...

CVSS 7.5 | AI score 7.2 | EPSS 0.00322
Exploits 0 | References 1 | Affected Software 1

CVE
added 2019/10/29 2:53 p.m. | 76 views

CVE-2019-6848

CVE-2019-6848 affects Schneider Electric’s Modicon M580 family — specifically the CPU BMEx58* and the BMENOC0311/BMENOC0321 communication modules. The root cause is a CWE-755 improper handling of exceptional conditions, which could allow a Denial of Service against the PLC when specific data is s...

CVSS 8.6 | AI score 8.4 | EPSS 0.0267
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/29 2:53 p.m. | 15 views

CVE-2019-6848

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU BMEx58 and Modicon M580 communication module BMENOC0311, BMENOC0321 see notification for version info, which could cause a Denial of Service attack on the PLC when sending specific data on the REST API...

AI score 8.6 | EPSS 0.0267
Exploits 0 | References 1

Check Point Advisories
added 2019/10/24 12:0 a.m. | 3 views

Cisco IOS Authentication Bypass (CVE-2019-12643)

An authentication bypass vulnerability exists in the Cisco REST API Software. This vulnerability is due to a debugging API endpoint being enabled by default in the management of the REST API authentication service. Successful exploitation of this vulnerability could lead to an authentication bypa...

CVSS 10 | AI score 2.9 | EPSS 0.15407
Exploits 0

pentestit
added 2019/10/23 8:58 p.m. | 51 views

UPDATE: FactionC2 2019-10-20

PenTestIT RSS Feed FactionC2 2019-10-20 was released a couple of days ago by the author. This C2 framework was briefly mentioned in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This release most importantly contains upgrades to .Net Core 3 version among additional...

AI score 7.3
Exploits 0

Kitploit
added 2019/10/22 12:0 p.m. | 136 views

Osmedeus v2.1 - Fully Automated Offensive Security Framework For Reconnaissance And Vulnerability Scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Installation git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh This install only focus on Kali linux, check more install on Usage page How to use ...

AI score 7.2
Exploits 0 | References 7

NVD
added 2019/10/21 12:15 a.m. | 12 views

CVE-2019-10716

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request...

CVSS 7.7 | AI score 7.3 | EPSS 0.06568
Exploits 5 | References 4

OSV
added 2019/10/21 12:15 a.m. | 11 views

CVE-2019-10716

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request...

CVSS 7.7 | AI score 5.8 | EPSS 0.06568
Exploits 5 | References 4

Cvelist
added 2019/10/20 11:47 p.m. | 14 views

CVE-2019-10716

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request...

AI score 7.3 | EPSS 0.06568
Exploits 5 | References 4

Atlassian
added 2019/10/17 7:26 p.m. | 68 views

Comment properties do not respect permissions

Issue Summary: Comment properties do not respect permissions on the comment like the docs say (https://docs.atlassian.com/software/jira/docs/api/REST/8.4.1/api/2/comment/%7BcommentId%7D/properties-getProperty). This issue was reported via bugbounty...

Exploits 0 | Affected Software 1