PT-2023-7759 · Hitachi Energy · Rtu500 Series
Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series (affected versions not specified). Description: A vulnerability exists in the webserver that affects the RTU500 series product, allowing a malicious actor to perform cross-site scripting due to user input being...
CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
CVE-2023-46125
CVE-2023-46125 affects the Fides open-source privacy platform. The vulnerability arises in the webserver API’s GET /api/v1/config endpoint, where configuration data is returned with sensitive internals and backend details (e.g., settings, server addresses/ports, database username) despite filteri...
Fides Information Disclosure Vulnerability in Config API Endpoint
Impact: The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the...
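The pattern described above, a config endpoint that strips "most" sensitive keys yet still returns backend details, is the classic denylist failure: anything not named in the filter leaks. The following added example (not Fides code; the settings tree and key names are constructed for illustration) contrasts a regex denylist with an explicit allowlist of public paths, and shows that the denylisted output still carries the database username and the bind address while the allowlisted output carries only what was deliberately published.

```python
"""Denylist vs allowlist filtering of a config endpoint's response.

Added illustration, not code from the Fides project. SAMPLE_CONFIG is a
constructed settings tree; the key names are assumptions for the example.
"""
import re
from typing import Any

# Constructed sample: the kind of tree a webserver's /config endpoint might serialize.
SAMPLE_CONFIG: dict[str, Any] = {
    "server": {"host": "10.0.3.17", "port": 8080},
    "database": {
        "server": "db.internal.example",
        "port": 5432,
        "user": "app_rw",
        "password": "s3cret-value",
    },
    "security": {
        "oauth_client_secret": "client-secret-value",
        "cors_origins": ["https://app.example"],
    },
    "logging": {"level": "INFO"},
}

# The denylist: key names that "look secret". Everything else passes through.
SENSITIVE_KEY = re.compile(r"password|secret|token|key", re.IGNORECASE)


def redact_denylist(node: Any) -> Any:
    """Weak pattern: drop keys matching SENSITIVE_KEY, return the rest verbatim.

    Hostnames, ports and usernames are not 'secret-looking', so they survive.
    """
    if isinstance(node, dict):
        return {k: redact_denylist(v) for k, v in node.items() if not SENSITIVE_KEY.search(k)}
    if isinstance(node, list):
        return [redact_denylist(v) for v in node]
    return node


# The allowlist: dotted paths that are explicitly approved for exposure.
PUBLIC_PATHS: frozenset[tuple[str, ...]] = frozenset({
    ("logging", "level"),
    ("security", "cors_origins"),
})


def expose_allowlist(config: dict[str, Any],
                     allowed: frozenset[tuple[str, ...]] = PUBLIC_PATHS) -> dict[str, Any]:
    """Strong pattern: copy only the approved paths; unknown keys never leave the server."""
    out: dict[str, Any] = {}
    for path in allowed:
        node: Any = config
        for part in path:
            if not isinstance(node, dict) or part not in node:
                break
            node = node[part]
        else:  # whole path resolved: place the leaf at the same position in `out`
            cursor = out
            for part in path[:-1]:
                cursor = cursor.setdefault(part, {})
            cursor[path[-1]] = node
    return out


def flatten(node: Any, prefix: str = "") -> dict[str, Any]:
    """Map a nested dict to {'a.b.c': leaf} so leaks are easy to assert on."""
    out: dict[str, Any] = {}
    if isinstance(node, dict):
        for k, v in node.items():
            out.update(flatten(v, f"{prefix}{k}."))
    else:
        out[prefix[:-1]] = node
    return out


def leaked_paths(filtered: dict[str, Any]) -> set[str]:
    """Paths present in a filtered response that are not on the public allowlist."""
    public = {".".join(p) for p in PUBLIC_PATHS}
    return set(flatten(filtered)) - public


if __name__ == "__main__":
    print("denylist leaks:", sorted(leaked_paths(redact_denylist(SAMPLE_CONFIG))))
    print("allowlist leaks:", sorted(leaked_paths(expose_allowlist(SAMPLE_CONFIG))))
```

The check a reviewer wants is `leaked_paths(...)` over the endpoint's real response: with the denylist it reports `database.server`, `database.user`, `server.host` and the ports; with the allowlist it is empty. Whether a given field is "sensitive" is then a documented decision rather than a regex guess.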
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Impact: The length of URIs and of their various parts (e.g. path segments, query parameters) is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are: path segment length: 8192; max URI length: 1024 * 12; max query length: 1024 * 10. See...
Debian: Security Advisory (DSA-5530-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
OpenPLC WebServer 3 Denial Of Service
Exploit Title: OpenPLC WebServer 3 - Denial of Service. Date: 10.09.2023. Exploit Author: Kai Feng. Vendor Homepage: https://autonomylogic.com/. Software Link: https://github.com/thiagoralves/OpenPLCv3.git. Version: Version 3 and 2. Tested on: Ubuntu 20.04. import requests import sys import time import...
OpenPLC WebServer 3 - Denial of Service Exploit
Exploit Title: OpenPLC WebServer 3 - Denial of Service. Exploit Author: Kai Feng. Vendor Homepage: https://autonomylogic.com/. Software Link: https://github.com/thiagoralves/OpenPLCv3.git. Version: Version 3 and 2. Tested on: Ubuntu 20.04. import requests import sys import time import optparse import r...
OpenPLC WebServer 3 - Denial of Service
Exploit Title: OpenPLC WebServer 3 - Denial of Service. Date: 10.09.2023. Exploit Author: Kai Feng. Vendor Homepage: https://autonomylogic.com/. Software Link: https://github.com/thiagoralves/OpenPLCv3.git. Version: Version 3 and 2. Tested on: Ubuntu 20.04. import requests import sys import time import...
(0Day) D-Link DIR-X3260 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within prog.cgi,...
PT-2023-5853 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 (affected versions not specified). Description: The issue is located in the SetSysEmailSettings function of the D-Link DIR-X3260 Wi-Fi router's firmware and stems from insufficient sanitization of input data. This can be...
PT-2023-5898 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
(0Day) D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within prog.cgi,...
PT-2023-5896 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
PT-2023-6105 · D Link · D-Link Dir-X3260
Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
PT-2023-9185 · D Link · D-Link Dir-2640
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. The flaw exists within the prog.cgi file, which handl...
CVE-2023-3767
An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter...
Command injection
An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter...
EasyPHP Webserver OS Command Injection Vulnerability
EasyPHP Webserver is an open source platform from EasyPHP for building a local development environment. EasyPHP Webserver version 14.1 suffers from an operating system command injection vulnerability. An attacker...