5 matches found
PT-2023-6629 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.2.0-beta1 through 4.2.0-rc1.
Description: The issue is related to insufficient request validation on the server side, allowing attackers to inject arbitrary data into HTTP requests issued by Mastodon. This can be used to...
SAP CommonCryptoLib Code Issue Vulnerability
SAP CommonCryptoLib is a cryptographic library from SAP, a German company. A security vulnerability exists in SAP CommonCryptoLib version 8.5.38 and below, which stems from a null pointer reference vulnerability in the software. An unauthenticated attacker could use this vulnerability to send...
CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...
CVE-2018-11421
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to...
Inductive Automation Ignition Cross-Site Scripting Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition has a security vulnerability that can be exploited by an attacker to execute malicious content in a vulnerable web application. The server reads data directly from the HTTP request and th...