PT-2023-9401 · Siemens · Siplus S7-1200 Cp 1243-1 +20

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1242-7 V2 versions prior to V3.4.29 SIMATIC CP 1243-1 versions prior to V3.4.29 SIMATIC CP 1243-1 DNP3 versions prior to V3.4.29 SIMATIC CP 1243-1 IEC versions prior to V3.4.29 SIMATIC CP 1243-7 LTE EU versions prior to V3.4.29...

PT-2023-9400 · Siemens · Siplus S7-1200 Cp 1243-1 +20

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1242-7 V2 versions prior to V3.4.29 SIMATIC CP 1243-1 versions prior to V3.4.29 SIMATIC CP 1243-1 DNP3 versions prior to V3.4.29 SIMATIC CP 1243-1 IEC versions prior to V3.4.29 SIMATIC CP 1243-7 LTE EU versions prior to V3.4.29...

pfsenseCE v2.6.0 - Anti-brute force protection bypass Exploit

!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...

LDAP Tool Box Self Service Password v1.5.2 - Account takeover

Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...

Atlassian Jira 7.7.0 < 7.11.0 Broken Jql Filter For Webhooks

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.x prior to 7.6.7 or 7.7.0 prior to 7.11.0. It is, therefore, affected by a vulnerability which permits remote attackers who are able to observe or otherwise intercept webho...

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.3 - Path Traversal

The plugin does not properly check the value of the input "uploaddir", which is modifiable by the user. As a result, by changing the value of this input, it's possible to upload a file anywhere writable in the webserver. PoC 1. Create a contact form and add a "multiple file upload" field. 2. Add...

Debian: Security Advisory (DSA-1723-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-254-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1645-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-45139 WAGO: Origin validation error through CORS misconfiguration

A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...

K37466356: BIG-IP ASM vulnerability CVE-2020-5914

Security Advisory Description Undisclosed server cookie scenario may cause BD to restart under some circumstances. CVE-2020-5914 Impact The vulnerability allows remote attackers who have control over the backend webserver to cause a denial-of-service DoS attack on the BIG-IP ASM system. Security...

K13028514: NGINX Controller webserver vulnerability CVE-2020-5894

Security Advisory Description The NGINX Controller webserver does not invalidate the server-side session token after users log out. CVE-2020-5894 Impact An attacker that successfully extracted a valid session token can use it before it expires on the server-side, even if the valid user has logged...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

Xxe

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

Stored XSS in "Import" Module

Description When loading a CSV or XLSX file to preview before importing Step 4, no sanitization of the first line label, allows authenticated attacker to inject malicious XSS payload into the to import file, and store it on the target webserver. If any admin reuse the malicious uploaded importing...

CVE-2022-29493

Uncaught exception in webserver for the Integrated BMC in some IntelR platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access...

Design/Logic Flaw

Uncaught exception in webserver for the Integrated BMC in some IntelR platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access...

PT-2023-12971 · Intel · Integrated Bmc

Name of the Vulnerable Software and Affected Versions: Integrated BMC versions prior to 2.86 Integrated BMC versions prior to 2.09 Integrated BMC versions prior to 2.78 Description: The issue is related to an uncaught exception in the webserver for the Integrated BMC in some IntelR platforms, whi...

FortiNAC - External Control of File Name or Path in keyUpload scriptlet

An external control of file name or path vulnerability CWE-73 in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system...