94 matches found
CVE-2026-8215
A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument mstrSourceFileName causes path traversal. The attack can be initiated remotely. The...
CVE-2026-8217 Industrial Application Software IAS Canias ERP RMI Runtime.getRuntime.exec os command injection
A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. T...
CVE-2026-8217
The CVE-2026-8217 entry concerns Industrial Application Software IAS Canias ERP 8.03. Affected is the Runtime.getRuntime.exec call within the RMI Interface; manipulating the troiaCode argument leads to OS command injection. The vulnerability can be triggered remotely, and public exploits exist. V...
CVE-2026-8216 Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...
CVE-2026-8215 Industrial Application Software IAS Canias ERP RMI iasRequestFileEvent path traversal
A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument mstrSourceFileName causes path traversal. The attack can be initiated remotely. The...
CVE-2026-8214
The CVE-2026-8214 entry concerns Industrial Application Software IAS Canias ERP 8.03. The vulnerability lies in the RMI Interface’s doAction function, where manipulating the sessionId argument leads to improper authentication. This can be exploited remotely, and public proof-of-concept exploit in...
CVE-2026-8214 Industrial Application Software IAS Canias ERP RMI doAction improper authentication
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been ma...
PT-2026-39427
Name of the Vulnerable Software and Affected Versions Industrial Application Software IAS Canias ERP version 8.03 Description Improper authentication exists in the RMI Interface component. A remote attacker can manipulate the sessionId argument within the doAction function to bypass authenticatio...
PT-2026-39470
Name of the Vulnerable Software and Affected Versions Industrial Application Software IAS Canias ERP version 8.03 Description An issue exists in the Login RMI Interface component where manipulation of the clientVersion argument leads to improper authentication. This allows a remote attacker to...
PT-2026-39466
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...
EUVD-2020-27130
Malware in sbrugna...
CVE-2020-5976
NVIDIA GeForce NOW, versions prior to 2.0.23 Windows, macOS and versions prior to 5.31 Android, Shield TV, contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure...
DSA-5891-1 thunderbird - security update
Bulletin has no description...
CVE-2025-27659
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows SQL Injection OVE-20230524-0002...
CVE-2025-25184 Possible Log Injection in Rack::CommonLogger
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...
Plaintext Modification
libkrb5.so is vulnerable to a Plaintext Modification attack. The vulnerability is due to improper modifications in the plaintext Extra Count field of a confidential GSS krb5 wrap token, allowing an attacker to make an unwrapped token appear truncated to the application...
CVE-2023-20204
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface...
Buffer Overflow
libpjsip.so is vulnerable to Buffer Overflow. The vulnerability exists via PJMEDIA RTP decoder and PJMEDIA SDP parser which allows an attacker to cause a memory corruption resulting in an application crash...
Directory traversal
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...
CVE-2022-37122
Carel pCOWeb HVAC BACnet Gateway 2.1.0 (Firmware A2.1.0–B2.1.0; Software v16 13020200; App 2.15.4A) is affected by an unauthenticated arbitrary file disclosure due to improper verification of the 'file' GET parameter in logdownload.cgi. The vulnerability allows directory traversal to disclose arb...