138 matches found
CVE-2024-1574
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...
CVE-2024-1574
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...
CVE-2024-1574
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in the licensing feature of Mitsubishi Electric GENESIS64 versions 10.97.2 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.2 and prior, Mitsubishi Electric Hyper Historian versions 10.97.2 a...
CVE-2024-1574
CVE-2024-1574 is an Unsafe Reflection vulnerability in the licensing service of ICONICS/Mitsubishi Electric products. Affected: ICONICS GENESIS64 and ICONICS Suite (GENESIS64, Hyper Historian, AnalytiX, MobileHMI) up to version 10.97.2; ICONICS GENESIS32/BizViz lines up to 9.7; MC Works64 all ver...
PT-2024-8945
Name of the Vulnerable Software and Affected Versions: ICONICS GENESIS64 versions 10.97 to 10.97.2 Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 Mitsubishi Electric MC Works64 all versions Description: The issue is related to the use of externally-controlled input to select classes or...
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable remotely Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite Vulnerabilities : Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper...
GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...
Exploit for Unsafe Reflection in Github Enterprise_Server
Intro This repository contains exploits we have developed for...
Unsafe Reflection
stimulusreflex is vulnerable to Unsafe Reflection. The vulnerability is due to insufficient validation of methods that can be called on Reflex instances. This vulnerability allows attackers to execute methods not intended for client-side interaction...
Unsafe Reflection
Overview stimulusreflex is an exciting new way to build modern, reactive, real-time apps with Ruby on Rails. Affected versions of this package are vulnerable to Unsafe Reflection due to the handling of websocket messages that allow specifying a classname and methodname. An attacker can manipulate...
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...
CVE-2023-6943
CVE-2023-6943 affects Mitsubishi Electric FA Engineering Software: EZSocket (v3.0–5.92), FR Configurator2 (all), GT Designer3 GOT1000 (all up to 1.325P), GT Designer3 GOT2000 (up to 1.320J), GX Works2 (1.11M+), GX Works3 (all), MELSOFT Navigator (1.04E–2.102G), MT Works2 (all), MX Component (4.00...
CVE-2023-6943
Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...
Mitsubishi Electric FA Engineering Software Products (Update D)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : EZSocket, FR Configurator2, GT Designer3 Version1GOT1000, GT Designer3 Version1GOT2000, GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...
PT-2024-1401 · Mitsubishi · Mx +8
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92 GT Designer3 Version1GOT1000 versions 1.325P and prior GT Designer3 Version1GOT2000 versions 1.320J and prior GX Works2 versions 1.11M and later GX Works3 versions 1.106L and prior...
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it address...
PYSEC-2023-260
A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...
Exploit for Unsafe Reflection in Hsqldb Hypersql_Database
Research into CVE-2022-41853: Using static functions to obtian...
Unsafe Reflection
thunderbird is vulnerable to Unsafe Reflection. This results in possible spoofing attacks since the website obscures fullscreen notifications using a URL scheme handled by an external program...