405 matches found
CVE-2023-44315
A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting XSS attack that may lead to...
Siemens SINEC NMS 跨站脚本漏洞
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A cross-site scripting vulnerability exists in the Siemens SINEC NMS...
Apple macOS Ventura Security Vulnerability
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.4, which stems from an application that may be able to access sensitive user data...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets have a security vulnerability that originates from memory corruption in the RIL when attempting to send apdu packets...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
CVE-2020-21881
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
CVE-2020-21881
Cross Site Request Forgery CSRF vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add...
CVE-2023-37287
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...
CVE-2023-37287
SmartBPM.NET (SmartBPM.NET) is affected by CVE-2023-37287 due to the use of a hard-coded authentication key. The vulnerability allows an unauthenticated remote attacker to access the system with regular user privileges, enabling reading of application data and execution of submission and approval...
CVE-2023-37287 SmartBPM.NET - Use of Hard-Coded Credentials - 2
SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...
EulerOS Virtualization 2.11.1 : gnutls (EulerOS-SA-2023-2070)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...
DNS Poisoning Attacks
Akka is vulnerable to DNS Poisoning Attacks. The vulnerability exists because the Async DNS resolver of the library uses insufficient entropy to protect against DNS poisoning, which leads to the exfiltration of application data, allowing an attacker to cause denial of access to the service...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
Fuzztruction - Prototype Of A Fuzzer That Does Not Directly Mutate Inputs (As Most Fuzzers Do) But Instead Uses A So-Called Generator Application To Produce An Input For Our Fuzzing Target
Fuzztruction is an academic prototype of a fuzzer that does not directly mutate inputs as most fuzzers do but instead uses a so-called generator application to produce an input for our fuzzing target. As programs generating data usually produce the correct representation, our fuzzer mutates the...
CVE-2022-47757
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load module...
Cross site scripting
Archer Platform 6.8 before 6.12 P6 HF1 6.12.0.6.1 contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 6.11.0.4 is also a fixed release...
PT-2023-2512 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the Cisco Industrial Network Director could allow an authenticated, local attacker to read application data due to insufficient default file...
Design/Logic Flaw
Insecure Storage of Sensitive Information vulnerability in ABB My Control System on-premise allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System...
CVE-2023-0580 Information Disclosure vulnerability in My Control System (on-premise)
Insecure Storage of Sensitive Information vulnerability in ABB My Control System on-premise allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System...