WeGIA Security Vulnerability
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from the adicionartipodocsatendido.php script not being processed through a central...
CVE-2024-24257
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component...
PT-2024-20328 · Skteco.Com · Skteco.Com Central Control Attendance Machine Web Management Platform
Name of the Vulnerable Software and Affected Versions: skteco.com Central Control Attendance Machine web management platform version 3.0 Description: The issue allows an attacker to obtain sensitive information via a crafted script to the "csl/user" component. Recommendations: For version 3.0,...
CVE-2024-24257
The CVE-2024-24257 entry concerns skteco.com Central Control Attendance Machine Web Management Platform (v3.0). The vulnerability is described as an Information Disclosure: a crafted script targeting the csl/user component may allow an attacker to obtain sensitive information. Concrete technical ...
ZKTeco Central Control Attendance Machine Web Management Platform Security Vulnerability
ZKTeco Central Control Attendance Machine Web Management Platform is a centralized control time and attendance machine web management platform from ZKTeco, China. A security vulnerability exists in ZKTeco Central Control Attendance Machine Web Management Platform version v.3.0. An attacker can...
Siemens SICAM TOOLBOX II Critical Resource Privilege Assignment Error Vulnerability
SICAM TOOLBOX II is an engineering solution for plants and systems of all sizes. It allows data collection, data modeling, configuration and parameterization. It is used for process information engineering of automation and central control room systems. Siemens SICAM TOOLBOX II suffers from a...
PT-2022-6465 · Rittal · Rittal Cmc Pu Iii
Name of the Vulnerable Software and Affected Versions: Rittal CMC III affected versions not specified Description: The issue is related to inadequate access control in the Rittal CMC III central control unit, which can be exploited by an attacker to gain unauthorized access to protected informati...
CVE-2022-20087
In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970...
CVE-2022-20039
In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345...
Rickroll Grad Prank Exposes Exterity IPTV Bug
UPDATE When Township High School District 214 in Illinois got rickrolled all at once across its six different schools just before graduation, it was more than a meticulously executed senior prank. Cybersecurity star-in-the-making and recent high-school graduate Minh Duong found, and was able to...
Microsoft Dynamics Business Central Cross-Site Scripting Vulnerability
Microsoft Dynamics Business Central is an enterprise resource planning system from Microsoft. The system includes functionality for financial management, project management, and supply chain management. A cross-site scripting vulnerability exists in Microsoft Dynamics Business Central Control. Th...
Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tre...
CVE-2021-0347
In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...
CVE-2020-12834
eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...
Connected Home Hubs Open Houses to Full Remote Takeover
Three different connected home hubs – Fibaro Home Center Lite, Homematic Central Control Unit CCU2 and Elko’s eLAN-RF-003 – are vulnerable in their older versions to serious bugs that would allow information disclosure, man-in-the-middle (MiTM) attacks and unauthenticated remote code execution (RCE),...
Siemens SiNVR 3 Insufficient Records Vulnerability
SiNVR 3 is a video management platform. Central Control Server (CCS) is the central control server and Video Server is the video server. SiNVR 3 has an insufficient security operation logging vulnerability in the XML-based communication protocol implementation, which can be exploited by a remote...