63 matches found

CNNVD
added 2024/01/12 12:0 a.m. · 3 views

Rapid Software Rapid SCADA Path Traversal Vulnerability

Rapid Software Rapid SCADA is an open source industrial automation platform from Rapid Software. A path traversal vulnerability exists in Rapid Software Rapid SCADA 5.8.4 and earlier versions, which stems from a vulnerability that allows an attacker to supply a malicious configuration file to...

8.8 CVSS · 7.9 AI score · 0.01233 EPSS
Exploits 0 · References 5

Redos
added 2023/09/12 12:0 a.m. · 28 views

ROS-20230911-10

A vulnerability in the EmailValidator and URLValidator components of the Django web application software platform is related to the use of a regular expression with inefficient computational complexity when processing domain name labels in emails and URLs. Exploitation ...

7.5 CVSS · 6.7 AI score · 0.02669 EPSS
Exploits 0

Talos Blog
added 2023/09/06 4:46 p.m. · 40 views

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automation Software Platform. OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and...

7.5 CVSS · 6.9 AI score · 0.03356 EPSS
Exploits 6

Vulnrichment
added 2023/09/05 4:15 p.m. · 13 views

CVE-2023-31242

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...

8.1 CVSS · 9.6 AI score · 0.03356 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/09/05 12:0 a.m. · 4 views

PT-2023-25084 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: An improper resource allocation issue exists in the OAS Engine configuration management functionality. A specially crafted series of network requests can lead to the creati...

4.3 CVSS · 5.5 AI score · 0.00652 EPSS
Exploits 1 · References 7

CNVD
added 2023/02/09 12:0 a.m. · 27 views

IBM WebSphere Application Server encryption problem vulnerability

IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 8.5 and 9.0 ha...

7.5 CVSS · 2.2 AI score · 0.00531 EPSS
Exploits 0 · References 1

Prion
added 2022/07/27 9:15 p.m. · 22 views

Path traversal

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

4.4 CVSS · 7.5 AI score · 0.00213 EPSS
Exploits 0 · References 2 · Affected Software 7

CVE
added 2022/07/27 8:23 p.m. · 79 views

CVE-2021-38410

CVE-2021-38410 affects AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0 and 4.4.6, vulnerable to DLL hijacking via an uncontrolled search path element. The root cause is search-path manipulation that can allow an attacker to load a malicious DLL from a location sp...

7.8 CVSS · 7.3 AI score · 0.00213 EPSS
Exploits 0 · References 2 · Affected Software 7

Cvelist
added 2022/07/27 8:23 p.m. · 24 views

CVE-2021-38410 AVEVA PCS Portal Uncontrolled Search Path Element

AVEVA Software Platform Common Services PCS Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path...

7.3 CVSS · 7.8 AI score · 0.00213 EPSS
Exploits 0 · References 2

RedHat Linux
added 2022/06/28 7:58 a.m. · 6 views

Important: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase...

9.8 CVSS · 6.7 AI score · 0.21514 EPSS
Exploits 5 · References 1

BDU FSTEC
added 2022/05/31 12:0 a.m. · 5 views

The vulnerability of the Cisco IOx software platform arises from the lack of measures taken to protect the structure of the web page, allowing attackers to enhance their privileges.

The vulnerability of the Cisco IOx software platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

7.8 CVSS · 5.5 AI score · 0.00584 EPSS
Exploits 0 · References 3 · Affected Software 3

OSV
added 2022/05/25 9:15 p.m. · 6 views

CVE-2022-27169

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1

CNVD
added 2022/05/13 12:0 a.m. · 31 views

Cambium Networks cnMaestro OS Command Injection Vulnerability (CNVD-2022-64237)

Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...

9.3 CVSS · 7.5 AI score · 0.00725 EPSS
Exploits 0 · References 1

CVE
added 2022/04/28 1:45 p.m. · 88 views

CVE-2022-24873

Shopware storefront is affected by a non-stored XSS vulnerability in versions prior to 5.7.9. The issue stems from inadequate input handling in the storefront, enabling script injection via URL parameters. It is fixed in version 5.7.9; mitigation guidance in older versions includes using the Shop...

6.1 CVSS · 5.5 AI score · 0.00738 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2022/03/17 12:0 a.m. · 16 views

Jenkins CloudBees AWS Credentials Plugin Cross-Site Request Forgery Vulnerability

Jenkins is a software project, a Java-based continuous integration tool for monitoring continuously recurring work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995...

6 CVSS · 7.6 AI score · 0.00491 EPSS
Exploits 0

CNVD
added 2022/02/10 12:0 a.m. · 12 views

Bentley MicroStation CONNECT Remote Code Execution Vulnerability (CNVD-2022-30767)

A remote code execution vulnerability exists in Bentley MicroStation CONNECT, a CAD software platform for 2D and 3D design and drafting from Bentley Systems, Inc. Lack of proper validation of the length before copying user-supplied data to a heap-based buffer can be exploited by an attacker to...

7.8 CVSS · 3.4 AI score · 0.01979 EPSS
Exploits 0 · References 1

CNVD
added 2022/02/10 12:0 a.m. · 17 views

Bentley MicroStation CONNECT Remote Code Execution Vulnerability (CNVD-2022-30768)

A remote code execution vulnerability exists in Bentley MicroStation CONNECT, a CAD software platform for 2D and 3D design and drafting from Bentley Systems, Inc. Lack of proper validation of the length before copying user-supplied data to a heap-based buffer can be exploited by an attacker to...

7.8 CVSS · 3.4 AI score · 0.01878 EPSS
Exploits 0 · References 1

CNVD
added 2022/02/10 12:0 a.m. · 21 views

Airspan Networks Mmp Code Issue Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S. Airspan Networks Mmp is vulnerable to a code issue that could be exploited by an attacker to pass specially crafted data to the application and create...

7.5 CVSS · 5.3 AI score · 0.00971 EPSS
Exploits 0 · References 1

CNVD
added 2022/02/10 12:0 a.m. · 11 views

Bentley MicroStation CONNECT Remote Code Execution Vulnerability (CNVD-2022-30769)

A remote code execution vulnerability exists in Bentley MicroStation CONNECT, a CAD software platform for 2D and 3D design and drafting from Bentley Systems, U.S.A. The vulnerability stems from a lack of verification of the existence of an object before performing operations on it. The vulnerabili...

7.8 CVSS · 3.5 AI score · 0.01878 EPSS
Exploits 0 · References 1

CNVD
added 2021/11/17 12:0 a.m. · 18 views

Moodle Input Validation Error Vulnerability (CNVD-2021-92540)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle, which stems from a problem when the software restores backup files. An attacker could...

9.8 CVSS · 2.5 AI score · 0.02383 EPSS
Exploits 0 · References 1