PT-2026-41894

Name of the Vulnerable Software and Affected Versions Sparx Enterprise Architect versions 17.1 and earlier Description A security feature intended to limit user actions based on assigned roles can be bypassed. An authenticated attacker can modify the client behavior, for example by using a...

CVE-2023-31297

An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...

EUVD-2008-1883

Malware in sbrugna...

CVE-2023-26244

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml...

CVE-2023-31297

An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...

Code injection

An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...

CVE-2023-31297

An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...

CVE-2022-24125

The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted o...

CVE-2018-4854

A vulnerability has been identified in SICLOCK TC100 All versions and SICLOCK TC400 All versions. An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device,...

id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publically available, and versions are available for Windows and Linux. A vulnerability has been reported in some versions of...

Character not allowed in user name

A user has sign up with the user name "m&m". The i tried to modify this user. Because the username is passed as url parameter FooServlet?name=m&m : GET or POST method the servlet container cut the name and try to retreive the username named "m" !!! The only way is to use a database client, change...

id Software Quake II Server 3.20/3.21 - Remote Information Disclosure

source: https://www.securityfocus.com/bid/4744/info Quake II is a multiplayer game released by id Software. The source code has been made publically available, and versions are available for Windows and Linux. A vulnerability has been reported in some versions of the Quake II server. While variab...