4200 matches found
CVE-2022-43514
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to...
CVE-2022-43513
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected components allow to rename license files with user chosen input without authentication. This...
ARCHIBUS Web Central Security Vulnerability
ARCHIBUS Web Central is a web-based management center for ARCHIBUS that organizes facility and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can enter, ed...
PT-2023-14622 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107. Description: An issue was discovered in the application where a service allows a basic user to cancel or delete a booking created by someone else, even if the basic user is not a member of the...
PT-2023-14624 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107. Description: An issue was discovered in the application where a service accepts user-controlled parameters to act on the data returned to the user. This allows a basic user to access data unrelated ...
PT-2023-14625 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107. Description: An issue was discovered in the application where an exposed service allows a basic user to access the profile information of all connected users. Recommendations: For Archibus Web Centra...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and deploy...
PT-2023-1360 · Unknown · Telecontrol Server Basic V3 +2
Name of the Vulnerable Software and Affected Versions: Automation License Manager V5 (all versions); Automation License Manager V6 (all versions prior to V6.0 SP9 Upd4); TeleControl Server Basic V3 (all versions prior to V3.1.2). Description: The issue is related to a path traversal vulnerability. It may...
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin,...
REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations
REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...
CVE-2022-47128
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet...
CVE-2022-47123
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet...
CVE-2022-47124
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet...
CVE-2022-47119
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet...
CVE-2022-47122
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd5g parameter at /goform/WifiBasicSet...
CVE-2022-47118
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet...
CVE-2022-47120
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security5g parameter at /goform/WifiBasicSet...
Security Bulletin: IBM Tivoli Monitoring Basic Services is vulnerable to a denial of service attack in zlib component (CVE-2018-25032)
Summary: Fixes a vulnerability reported in the zlib that is used by IBM Tivoli Monitoring for historical data collection (CVE-2018-25032). Vulnerability Details: CVEID: CVE-2018-25032. DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By usi...
Tenda A15 Buffer Error Vulnerability
Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 ssid parameter, which stems from a lack of length checking of input data in the ssid parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the system...