22 matches found
EUVD-2020-28700
Malware in sbrugna...
EUVD-2025-18297
Malicious code in bioql PyPI...
EUVD-2021-28559
Malicious code in bioql PyPI...
CVE-2025-49586 XWiki allows remote code execution through preview of XClass changes in AWM editor
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0,...
Privilege escalation
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
XWiki Platform vulnerable to code injection from account through AWM view sheet
Impact Steps to reproduce: 1. As a user without script or programming right, edit your user profile or any other document with the wiki editor and add the content {{groovy}}println("Hello " + "from Groovy!"){{/groovy}} 2. Edit the document with the object editor and add an object of type...
GHSA-JGRG-QVPP-9VWR XWiki Platform vulnerable to code injection from account through AWM view sheet
Impact Steps to reproduce: 1. As a user without script or programming right, edit your user profile or any other document with the wiki editor and add the content {{groovy}}println("Hello " + "from Groovy!"){{/groovy}} 2. Edit the document with the object editor and add an object of type...
The Link Between AWM Proxy & the Glupteba Botnet
On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy -- a 14-year-old anonymity service that rents hacked PCs to...
CVE-2021-41542
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code whi...
CVE-2021-41543
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access...
Cross site scripting
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code whi...
CVE-2021-41543
The CVE-2021-41543 vulnerability affects Siemens Climatix POL909 (AWB and AWM modules). It is an information disclosure in the web application’s handling of log files, allowing logged-in users to access sensitive files. Affected products: POL909 AWB and POL909 AWM modules; versions prior to 11.34...
CVE-2021-41542
Siemens Climatix POL909 devices (AWM and AWB modules) are affected by cross-site scripting on the User Management and Group Management web pages. The vulnerability stems from improper input handling in the web interface, allowing execution of malicious JavaScript that can hijack cookies/sessions ...
CVE-2021-41541
CVE-2021-41541 affects Siemens Climatix POL909: AWB and AWM web modules. The Group Management page is vulnerable to cross-site scripting (XSS) on all versions prior to V11.44 (AWB) and V11.36 (AWM). Exploitation could allow an attacker to inject JavaScript to hijack cookies/session tokens, redire...
Siemens Climatix POL909 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Climatix POL909 AWM and AWB modules --------- End Update A Part 1 of 3 --------- Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION...
Design/Logic Flaw
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to...
CVE-2020-7575
A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitra...
CVE-2020-7574
A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject...