GHSA-M3PX-VJXR-FX4M Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint

Impact The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patches Patched with Version v2.3.3 Credits Thanks to Kevin Pohl for reporting this...

CVE-2024-42485

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...

CVE-2024-42485

CVE-2024-42485 affects Filament Excel. The vulnerability exists in the export download route /filament-excel/{path}, where an attacker could leverage directory traversal using ../ to download arbitrary files without authentication when the webserver allows such paths. This could disclose sensitiv...

CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...

CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...

Exploit for Code Injection in Openplcproject Openplc_V3_Firmware

CVE-2021-31630 OpenPLC 3 WebServer Authenticated Remote Code E...

OPENSUSE-SU-2024:0206-1 Security update for cockpit

This update for cockpit fixes the following issues: - new version 320: pam-ssh-add: Fix insecure killing of session ssh-agent boo1226040, CVE-2024-6126 - changes in older versions: Storage: Btrfs snapshots Podman: Add image pull action Files: Bookmark support webserver: System user changes Metric...

HMS Industrial Networks Anybus-CompactCom 30

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Industrial Networks Equipment: Anybus-CompactCom 30 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...

africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3381 more potentially affected by CVE-2024-3653 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.33.Final)

io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2024-3653 Source advisory: OSV:GHSA-CH7Q-GPFF-H9HP...

app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:sharaf_3 (>=0.0.7 <=0.7.4) +973 more potentially affected by CVE-2024-3653 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.14.Final)

io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.0.7, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.31 and more Source cves: CVE-2024-3653 Source advisory: OSV:GHSA-CH7Q-GPFF-H9HP...

Realtek rtl819x Jungle SDK configuration file mib_init_value_array heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-1911 Realtek rtl819x Jungle SDK configuration file mibinitvaluearray heap-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2024-21778 SUMMARY A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray...

CVE-2023-41926

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...

CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...

CVE-2023-41926

CVE-2023-41926 affects Kiloview P1/P2 devices with a web server that uses basic authentication over HTTP (port 80). Lack of encryption allows eavesdropping of credentials and potentially unauthorized access to the configuration interface. The CVSSv3.1 vector indicates network access, low attack c...

PT-2024-13015 · Kiloview · P1/P2 +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns the use of basic authentication for user login to the configuration interface of a webserver. Since encryption is disabled on port 80, this setup allows potential...

USN-6837-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...

CVE-2024-5056

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem...

CVE-2024-5056

CVE-2024-5056 affects Schneider Electric Modicon M340 PLCs, specifically the BMXNOE0100 and BMXNOE0110 network modules used with Modicon M340. The vulnerability (CWE-552) is described as files or directories that are accessible to external parties, which may prevent a user from updating the devic...

CVE-2024-5056

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem...

CVE-2024-5056

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem...