140 matches found
Sensormatic PowerManage (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc Equipment: PowerManage Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This update advisory is a follow-up to the...
CVE-2021-31589
A cross-site scripting XSS vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization...
CVE-2021-31589
BeyondTrust Secure Remote Access Base software up to version 6.0.1 is affected by a cross-site scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via unsanitized web requests, with documented impact including potential execution of JavaScript i...
FATEK Automation Communication Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FATEK Automation Equipment: Communication Server Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3...
CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...
CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...
CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...
CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...
Claroty Secure Remote Access SQL注入漏洞
Claroty Secure Remote Access is a core component of the Claroty Platform from Claroty, Inc. that provides frictionless, reliable and highly secure remote access for OT environments. A SQL injection vulnerability exists in Claroty Secure Remote Access that stems from an SQL injection vulnerability...
SonicWall SRA/SMA SQL注入漏洞
Sonicwall SRA and Sonicwall SMA are both security protection products for enterprise managed security access from SonicWall USA. SonicWallSRA/SMA suffers from a SQL injection vulnerability that allows a remote, unauthenticated attacker to execute SQL statements to steal sensitive internal account...
Claroty Secure Remote Access 安全漏洞
Claroty Secure Remote Access is a core component of the Claroty Platform from Claroty, Inc. that provides frictionless, reliable and highly secure remote access for OT environments. A security vulnerability exists in Claroty Secure Remote Access that allows them to generate valid session tokens f...
Sonicwall SonicWall NetExtender Windows client Code Issue Vulnerability
Sonicwall NetExtender Windows client is a Windows-based SSL VPN Virtual Private Network client application from Sonicwall, Inc. A security vulnerability exists in SonicWall NetExtender Windows client version 10.2.300 and earlier, the source of which allows a local attacker to gain elevated...
SonicWall / Dell SonicWALL SRA / SMA Detection Consolidation
Consolidation of SonicWall / Dell SonicWALL Secure Mobile Access SMA and Secure Remote Access SRA detections. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...
Unspecified Vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliances Software ASA Software is a suite of firewall and network security platforms from Cisco. A security vulnerability exists in the Secure Sockets Layer SSL VPN feature of Cisco ASA Software, which stems from the program not properly handling Base64 encoded strings. ...
Entes EMG 12
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Entes Equipment: EMG 12 Vulnerabilities: Improper Authentication, Information Exposure Through Query Strings in GET Request 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...
SIEMENS SCALANCE M875 Information Disclosure Vulnerability
SCALANCE M industrial routers are used for secure remote access to the plant via mobile networks, e.g. GPRS or UMTS, with integrated security features such as firewalls to prevent unauthorized access and VPNs to protect data transmission. SIEMENS SCALANCE M875 has an information disclosure...
The vulnerability of the “diagnostics” component of the CGI application for the web interface of the Sonicwall Secure Remote Access system management console allows a hacker to execute arbitrary commands.
The vulnerability of the “diagnostics” component /cgi-bin/diagnostics of the CGI application for the web interface of the Dell Inc. Sonicwall Secure Remote Access SRA system management application is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a...
The vulnerability of the “viewcert” component in the CGI application of the web interface for administering the Sonicwall Secure Remote Access server allows a perpetrator to execute arbitrary commands.
The vulnerability of the “viewcert” component /cgi-bin/viewcert of the CGI application for the web interface of the Dell Inc. Sonicwall Secure Remote Access SRA system management application is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a...
[SECURITY] Fedora 26 Update: openssh-7.5p1-4.fc26
SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
WECON Technology Co., Ltd. LeviStudio HMI Editor
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. WECON Equipment: LeviStudio HMI Editor Vulnerabilities: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, a...