EUVD-2020-0242
Malware in sbrugna...
CVE-2018-16216
A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands like starting telnetd or opening a reverse shell...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in several products such as APOGEE, Opcenter, RUGGEDCOM, SCALANCE, SIMATIC, SIPROTEC and Teamcenter. The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: Denial-of-Service (DoS)...
CVE-2024-38879
CVE-2024-38879 affects Siemens Energy Omnivise T3000 (Application Server) with exposed internal application port on public network interfaces across R9.2 and R8.2 SP3/SP4, enabling an attacker to bypass authentication and directly access the exposed application. The root cause is exposure of an i...
CVE-2023-51467
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in SiPass, Tecnomatix, SIMATIC, and RUGGEDCOM products. The vulnerabilities potentially allow a malicious party to launch attacks that could lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Servi...
CVE-2021-41025
CVE-2021-41025 affects Fortinet FortiWeb’s confd authentication mechanism. Affected FortiWeb versions include 6.0.0–6.0.7, 6.1.0–6.1.2, 6.2.0–6.2.6, 6.3.0–6.3.15, 6.4.0–6.4.1. The issue comprises concurrent execution using a shared resource with improper synchronization and an authentication bypa...
CVE-2020-10048
A vulnerability has been identified in SIMATIC PCS 7 All versions, SIMATIC WinCC All versions V7.5 SP2. Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...
CVE-2020-10048
CVE-2020-10048 affects Siemens SIMATIC PCS 7 (All versions) and SIMATIC WinCC (all versions
CVE-2020-15239
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...
Directory traversal
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...
CVE-2020-15239
Summary: CVE-2020-15239 affects xmpp-http-upload prior to version 0.4.0. The issue allows directory traversal via GET requests to read ".data" files paired with ".meta" JSON metadata, enabling information disclosure and potentially bypassing access controls in multi-instance deployments. The ".da...
CVE-2020-15239 Directory Traversal in xmpp-http-upload
In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Circumvention of authentication, Circumvention of security measure, Remote...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery (XSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), Circumvention of authentication, Circumvention of security...
CVE-2018-16216
A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in the same network as the device to trigger OS commands like starting telnetd or opening a reverse shell...
Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability
Vulnerability description: The jabber server Openfire <= version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. 1...
[Full-Disclosure] Novell GroupWise WebAccess error modules loading
Dear ladies and gentlemen, We have found a potential security vulnerability in the Novell GroupWise WebAccess error module handling. First of all it is possible to circumvent the login procedure. If a user connects to...
Motorola Wireless Router WR850G Authentication Circumvention
Date: 09-23-2004 Author: Daniel Fabian Product: Motorola Wireless Router WR850G,...
[UNIX] Linbit Linbox Multiple Vulnerabilities
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com