SDG PnPSCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...

CVE-2023-1934

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

Code injection

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

CVE-2023-1934

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

CVE-2023-1934

CVE-2023-1934 concerns SDG Technologies SDG PnPSCADA. The vulnerability is an unauthenticated, error-based PostgreSQL injection affecting the hitlogcsv.jsp endpoint, allowing remote attackers to read/modify data in the underlying database. Reported impact includes access to ICS/OT data and other ...

PT-2023-3021 · Postgresql · Postgresql

Name of the Vulnerable Software and Affected Versions: PnPSCADA affected versions not specified Description: The PnPSCADA system is affected by a critical unauthenticated error-based PostgreSQL Injection vulnerability. This security flaw is present within the "hitlogcsv.jsp" endpoint, allowing...

Design/Logic Flaw

An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is...

CVE-2018-15658

An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is...

Facebook collected users’ call and SMS logs with “their permission”

By Waqas Facebook is in hot waters for the last couple of This is a post from HackRead.com Read the original post: Facebook collected users' call and SMS logs with "their permission"...

TalariaX SendQuick Entera and Avera Device Authentication Bypass Vulnerability

TalariaX SendQuick Entera and Avera are both products of TalariaX Singapore. The former is a web-based server management system and the latter is a plug-and-play network monitoring system. A security vulnerability exists in versions of TalariaX SendQuick Entera and Avera devices prior to 2HF16. A...

Cross site request forgery (csrf)

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective...

CVE-2017-5137

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective...

CVE-2017-5137

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective...

PT-2017-16334 · Sendquick +1 · Sendquick Entera +1

Name of the Vulnerable Software and Affected Versions: SendQuick Entera versions prior to 2HF16 Avera versions prior to 2HF16 Description: An issue allows an attacker to request and download SMS logs without authentication. Recommendations: For SendQuick Entera versions prior to 2HF16, update to...