31 matches found
CVE-2026-39398
The affected product and advisory are not public...
Debian dla-4444 : liblog4j2-java - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4444 advisory. Debian LTS Advisory DLA-4444-1 [email protected] https://www.debian.org/lts/security/...
GHSA-QCW2-P26M-9GC5
creationtimestamp| type| source
---|---|---
2025-12-05 16:43:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115667959131777282...
CVE-2024-49421
creationtimestamp| type| source
---|---|---
2024-12-03 06:25:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113587463193175474
2024-12-03 08:08:14+00:00| seen| https://t.me/cvedetector/11853
2025-04-09 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-229/...
CVE-2024-34782
creationtimestamp| type| source
---|---|---
2024-11-13 03:07:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113473436515711539
2024-11-13 04:07:30+00:00| seen| https://t.me/cvedetector/10781
2024-11-13 06:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-24-1499/...
CVE-2024-47712
creationtimestamp| type| source
---|---|---
2024-10-21 15:09:52+00:00| seen| https://t.me/cvedetector/8466
2025-08-14 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07...

Apple iOS and macOS Buffer Error Vulnerability
Apple iOS is a set of operating systems developed for mobile devices by the American company Apple. A security vulnerability exists in Apple iOS and macOS. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's bulletin...
PT-2022-02: XML External Entity (XXE)
Input validation and proper XML parser configuration were missing. On the Perfomance Manager+ page, attackers can import XML files. Support of external entities is enabled for processing of such files, which leads to Arbitrary File Read and SSRF. The attack can only be performed by an internal...
ID withdrawn
This CVE number has been withdrawn...
PT-2021-07: GPay payments above NoCVM limits, CryptoATC out of order
EMV standards, which are used as a predecessor of mobile wallets, do not put some mandatory fields as a cryptogram input. These fields are crucial for risk management steps, and their tampering can bypass payment restrictions. During the transaction authorisation, MDES does not decline payments wi...
PT-2018-29: Stored Cross-Site Scripting in Cisco Secure ACS
The specialists of the Positive Research center have detected a Stored Cross-Site Scripting vulnerability in Cisco Secure ACS. A vulnerability in the web-based management interface of the Cisco Secure Access Control System ACS, due to insufficient input validation of user-supplied values and a la...
PT-2017-52: Information Disclosure in Rockwell Automation Micrologix 1100 and 1400 PLC
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Rockwell Automation Micrologix 1100 and 1400 PLC. Vulnerability in programmable-logic controllers, caused by sending user credentials to the web server using an HTTP GET method, allows attacker...
IBM Endpoint Manager For Mobile Devices Code Execution
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components. During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values,...
Simploo CMS 1.7.1 PHP Code Execution
No description provided by source. Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discover...
PT-2014-20: XML External Entities Resolution vulnerability in Wonderware Information Server
The specialists of the Positive Research center have detected an XML External Entities Resolution vulnerability in Wonderware Information Server. WIS may allow access to local resources files and internal resources via unsafe parsing of XML external entities. By using specially crafted XML files,...
PT-2014-33: Stack-based buffer overflow in Honeywell EPKS
The specialists of the Positive Research center have detected a Stack-based buffer overflow vulnerability in Honeywell EPKS. A stack-based buffer overflow was discovered in function hscsconf which could lead to possible remote code execution or denial of service. How to fix: Update your software up to t...
PT-2013-76: Local File Inclusion in LiveStreet CMS
The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in LiveStreet CMS. Insufficient validation of user input in the install\index.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may...
PT-2013-85: Open Redirect in Siemens SIMATIC S7-1500 CPU PLC
The specialists of the Positive Research center have detected an Open Redirect vulnerability in Siemens SIMATIC S7-1500 CPU PLC. The integrated web server (port 80/tcp and port 443/tcp) of the affected device might allow attackers to redirect users to untrusted websites. How to fix: Update your...
PT-2011-35: Multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller
Positive Research Center has discovered multiple CSRF vulnerabilities in Citrix XenServer Virtual Switch Controller. All web interface forms are vulnerable to CSRF attacks. One can exploit these vulnerabilities to change the system configuration. How to fix: Update your software up to the latest...
[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
---------------------------------------------------------------------- PT-2011-21 Positive Technologies Security Advisory SQL injection vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7.0 and...