5296 matches found

Cvelist
added 2022/07/13 9:10 p.m. · 18 views

CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

7.5 CVSS · 7.6 AI score · 0.00763 EPSS
Exploits 0 · References 1

Cvelist
added 2022/07/13 9:10 p.m. · 28 views

CVE-2022-34760

A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...

7.5 CVSS · 7.6 AI score · 0.0067 EPSS
Exploits 0 · References 1

Cvelist
added 2022/07/13 9:10 p.m. · 24 views

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

7.5 CVSS · 7.6 AI score · 0.0067 EPSS
Exploits 0 · References 1

CVE
added 2022/07/13 9:10 p.m. · 58 views

CVE-2022-34759

CVE-2022-34759 describes a CWE-787 Out-of-bounds Write vulnerability that could cause a denial of service to the webserver due to improper parsing of HTTP headers. Affected Schneider Electric devices include the X80 advanced RTU Communication Module BMENOR2200H (V1.0) and the OPC UA Modicon Commun...

7.5 CVSS · 7.3 AI score · 0.0067 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2022/07/12 10:15 a.m. · 1 view

CVE-2022-26647

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

8.8 CVSS · 5.7 AI score · 0.00996 EPSS
Exploits 0 · References 1

NVD
added 2022/07/12 10:15 a.m. · 20 views

CVE-2022-26647

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

9.8 CVSS · 0.00996 EPSS
Exploits 0 · References 1

CVE
added 2022/07/12 10:6 a.m. · 85 views

CVE-2022-26647

The CVE-2022-26647 vulnerability affects Siemens SCALANCE X Switch Devices (e.g., X200-4P, X201-3P/IRT/IRT PRO, X202-2IRT/IRT PRO, X204-2 family, X206-1, X208, X212-2, X216, X224, XF201-3P/IRTs, XF204 family, etc.). The issue is in the webserver’s handling of session IDs and nonces: they are gene...

9.8 CVSS · 8.6 AI score · 0.00996 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/07/12 10:6 a.m. · 24 views

CVE-2022-26647

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

8.8 CVSS · 8.8 AI score · 0.00996 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/07/12 12:0 a.m. · 6 views

PT-2022-17979 · Siemens · Scalance Xf204 +20

Name of the Vulnerable Software and Affected Versions: SCALANCE X200-4P IRT versions prior to V5.5.2 SCALANCE X201-3P IRT versions prior to V5.5.2 SCALANCE X201-3P IRT PRO versions prior to V5.5.2 SCALANCE X202-2IRT versions prior to V5.5.2 SCALANCE X202-2P IRT versions prior to V5.5.2 SCALANCE...

9.8 CVSS · 8.7 AI score · 0.00996 EPSS
Exploits 0 · References 2

ICS
added 2022/06/16 12:0 a.m. · 46 views

AutomationDirect C-More EA9 HMI

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerabilities: Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...

8.3 AI score
Exploits 0 · References 4

Kitploit
added 2022/06/09 9:30 p.m. · 89 views

Blackbird - An OSINT Tool To Search For Accounts By Username In 101 Social Networks

Blackbird An OSINT tool to search fast for accounts by username across 101 sites. The Lockheed SR-71 "Blackbird" is a long-range, high-altitude, Mach 3+ strategic reconnaissance aircraft developed and manufactured by the American aerospace company Lockheed Corporation. Disclaimer This or previous...

6.9 AI score
Exploits 0 · References 4

Prion
added 2022/06/02 2:15 p.m. · 12 views

Remote code execution

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...

7.5 CVSS · 9.6 AI score · 0.02525 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2022/06/01 2:31 p.m. · 76 views

CVE-2022-30470

CVE-2022-30470 affects Afian FileRun (version 20220202) where changing the "search_tika_path" to a custom (previously uploaded) jar enables remote code execution in the webserver user context. The vulnerability originates from how the application loads an externally supplied jar via the search_ti...

9.8 CVSS · 9.6 AI score · 0.02525 EPSS
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2022/05/31 8:4 a.m. · 58 views

Security Bulletin: Vulnerability in Apache HTTP (CVE-2022-22720) affects Power HMC

Summary Apache HTTP webserver is used by IBM Power Hardware Management Console (HMC) for accepting https request and transfer to and fro to internal applications. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-22720 by upgrading IBM Power Hardware Management Console H...

9.8 CVSS · 0.4 AI score · 0.28189 EPSS
Exploits 0 · Affected Software 2

GithubExploit
added 2022/05/25 1:56 a.m. · 627 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 (Apache Log4j Remote Code Execution) all log...

10 CVSS · 9.6 AI score · 0.99999 EPSS
Exploits 347

Snyk
added 2022/05/24 5:38 p.m. · 2 views

Denial of Service (DoS)

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) due to the way the Kestrel web...

7.5 CVSS · 7 AI score · 0.04908 EPSS
Exploits 0 · References 2

vulnersOsv
added 2022/05/24 5:15 p.m. · 4 views

be.yildiz-games:module-webserver-undertow (>=1.0.0 <=1.1.1), br.eti.clairton:ds-test (>=0.4.0 <=1.2.1) +2259 more potentially affected by CVE-2020-1757 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.0.9.Final)

io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.0, =1.0, =0.1.0, =3.0.0.RELEASE, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.1.4-jdk1.8-RELEASES, =0.1.5-jdk1.8-RELEASES and more Source cves: CVE-2020-1757 Source advisory:...

8.1 CVSS · 7.2 AI score · 0.01571 EPSS
Exploits 0

Github Security Blog
added 2022/05/24 5:0 p.m. · 26 views

Magento 2 Community Edition RCE Vulnerability

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

6.6 CVSS · 7.7 AI score · 0.00851 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/05/24 5:0 p.m. · 11 views

GHSA-6VC8-3XF2-QRXX Magento 2 Community Edition RCE Vulnerability

In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import feature can execute arbitrary code through a race condition that allows webserver configuration file...

6.6 CVSS · 6.7 AI score · 0.00851 EPSS
Exploits 0 · References 3

Github Security Blog
added 2022/05/24 4:51 p.m. · 17 views

mastercactapus proxyprotocol vulnerable to denial of service

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

7.5 CVSS · 6.6 AI score · 0.04295 EPSS
Exploits 1 · References 8 · Affected Software 1