CVE-2023-5754 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system...
Cisco IOS XE Software Web UI Privilege Escalation (cisco-sa-iosxe-webui-privesc-j22SaA4z)
A vulnerability in the web UI feature of Cisco IOS XE Software, when exposed to the internet or to untrusted networks, could allow an unauthenticated, remote attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control ...
Arbitrary File Overwrite
ansible is vulnerable to Arbitrary File Overwrite. This vulnerability allows remote attackers to inject arbitrary HTML and script code into the response. This could allow attackers to steal cookies, perform phishing attacks, or take control of vulnerable systems...
Remote Code Execution (RCE)
libspf2 is vulnerable to Remote Code Execution (RCE). The vulnerability could allow an attacker to execute arbitrary code on the Exim server, potentially allowing them to take control of the system or steal sensitive data...
Untrusted Search Path
vim is vulnerable to Untrusted Search Path. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server due to the way Vim searches for files. Once the vulnerability is exploited, the...
Use After Free
vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the user's system a...
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, Firefox Focus for Android, and Firefox for Android. A cyber threat actor can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review...
A vulnerability in the AcSELerator QuickSet SEL-5030 device management tool, related to incomplete filtering of certain elements, allows a perpetrator to execute arbitrary code.
The vulnerability of the device for controlling energy system components, AcSELerator QuickSet SEL-5030, is related to incomplete filtering of certain elements. Exploiting this vulnerability could allow an intruder to execute arbitrary code...
CVE-2023-43631
On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...
Design/Logic Flaw
On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Drupal has released a security advisory to address a vulnerability affecting multiple Drupal versions. A malicious cyber actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2023-006 ...
Microsoft Releases September 2023 Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2023 Security Update Guide i...
CVE-2023-4704 External Control of System or Configuration Setting in instantsoft/icms2
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git...
Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Path Traversal Vulnerability
Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder is a software tool for power system monitoring and control from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder that...
VMware Releases Security Updates for Aria Operations for Networks
VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Summary Bypassing the validatePath function can lead to potential Remote Code Execution Post-authentication, ALLOWADMINCHANGES=true Details In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of-service condition. CISA encourages users and administrators to review the followi...
EuroTel ETL3100 Transmitter Default Credentials
EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x37 Microprocessor: socs0t08/socs0s08, Mode...
EuroTel ETL3100 Transmitter Default Credentials Vulnerability
EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks, allowing an attacker to gain full control of the system. EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page:...