151 matches found
CVE-2023-20878
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...
Deserialization of untrusted data
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...
CVE-2023-20878
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...
PT-2023-19816 · Unknown · Sunnet Ctms
Name of the Vulnerable Software and Affected Versions: SUNNET CTMS affected versions not specified Description: The issue is related to a path traversal vulnerability within the file uploading function of SUNNET CTMS. This allows an authenticated remote attacker with general user privileges to...
PT-2023-17678 · A+Hrd · A+Hrd
Name of the Vulnerable Software and Affected Versions: a+HRD affected versions not specified Description: The issue concerns Deserialization of Untrusted Data within the MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this to execute arbitrary system commands,...
Security Bulletin: CLI access security issue on IBM SAN Volume Controller and Storwize Family (CVE-2014-0880)
Summary Security Bulletin: CLI access security issue on IBM SAN Volume Controller and Storwize Family CVE-2014-0880 Vulnerability Details Security Bulletin --- Summary --- CLI security issue Vulnerability Details --- CVEID: CVE-2014-0880 DESCRIPTION: An unauthorized user with network access to a...
Authentication flaw
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...
CVE-2023-28398 CVE-2023-28398
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...
CVE-2018-25048 Codesys Runtime Improper Limitation of a Pathname
The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device...
SAP NetWeaver AS 路径遍历漏洞
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS suffers from a path traversal vulnerability that arises when a network system or product fails to properly filter special elements i...
Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
K34514540: TMM vulnerability CVE-2017-6138
Security Advisory Description Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules...
Command injection
Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service...
CVE-2022-38699
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...
CVE-2022-38699 ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...
CVE-2022-38699
Armoury Crate Service (ASUS Armoury Crate Service) is affected by a symbolic-link vulnerability in its logging function. The issue arises because the logging path validation does not detect if the log file is a symbolic link, enabling a physical attacker with general user privileges to modify the...
PT-2022-4942 · Unknown · Smart Evision
Name of the Vulnerable Software and Affected Versions: Smart eVision affected versions not specified Description: The issue is related to a path traversal vulnerability in Smart eVision's file acquisition function. This vulnerability is caused by insufficient filtering for special characters in t...
CVE-2022-23144
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system...
Conti, DeadBolt Target Delta, QNAP
Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta Electronics, an electronics company that provides products for Apple, Tesla...
CVE-2022-22056 Le-yan Co., Ltd. dental management system - Hard-coded Credentials
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator’s privilege and control the system or disrupt service...