2883 matches found

Tenable Nessus
added 2023/09/18 12:0 a.m., 24 views

Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47382)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...

8.8 CVSS, 7.6 AI score, 0.01334 EPSS
Exploits: 0, References: 4

Kitploit
added 2023/09/16 11:30 a.m., 82 views

ADCSKiller - An ADCS Exploitation Automation Tool Weaponizing Certipy And Coercer

ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities. It leverages features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure. Please note that the ADCSKiller is...

7.3 AI score
Exploits: 0, References: 4

OSV
added 2023/09/15 12:15 a.m., 1 views

CVE-2023-40956

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...

8.8 CVSS, 6.1 AI score, 0.00987 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2023/09/15 12:15 a.m., 4 views

CVE-2023-40956

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...

8.8 CVSS, 6.2 AI score, 0.00987 EPSS
Exploits: 1, References: 2

Prion
added 2023/09/15 12:15 a.m., 14 views

SQL injection

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...

6.5 CVSS, 8.7 AI score, 0.00987 EPSS
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2023/09/14 12:0 a.m., 3 views

Cloudroits Website Job Search SQL Injection Vulnerability

Cloudroits Website Job Search is a website backend from Cloudroits, Inc. A security vulnerability exists in Cloudroits Website Job Search version v.15.0 that could allow an authenticated, remote attacker to execute arbitrary code via the name parameter in the controllers/main.py component...

8.8 CVSS, 7.7 AI score, 0.00987 EPSS
Exploits: 1, References: 3

Cvelist
added 2023/09/14 12:0 a.m., 17 views

CVE-2023-40956

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...

8.9 AI score, 0.00987 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2023/09/13 12:0 a.m., 5 views

Vulnerability of the operating systems of ArubaOS controllers Aruba 9200 and 9000, allowing a hacker to execute arbitrary code

The vulnerability of ArubaOS controller devices Aruba 9200 and 9000 is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8 CVSS, 7 AI score, 0.00408 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2023/09/06 6:15 p.m., 22 views

CVE-2023-38485

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

8 CVSS, 8.1 AI score, 0.00392 EPSS
Exploits: 0, References: 1

Prion
added 2023/09/06 6:15 p.m., 21 views

Security feature bypass

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary...

3.4 CVSS, 6.6 AI score, 0.00292 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/09/06 5:48 p.m., 34 views

CVE-2023-38486 Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary...

7.7 CVSS, 7.9 AI score, 0.00292 EPSS
Exploits: 0, References: 1

CVE
added 2023/09/06 5:48 p.m., 52 views

CVE-2023-38486

The CVE-2023-38486 entry describes a flaw in the secure boot implementation on Aruba 9200 and 9000 Series Controllers and Gateways. The issue allows bypassing the secure-boot protections that normally prohibit unsigned kernel images from executing, enabling an attacker to run arbitrary runtime op...

7.7 CVSS, 6.8 AI score, 0.00292 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/09/06 5:48 p.m., 15 views

CVE-2023-38486 Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary...

7.7 CVSS, 7.6 AI score, 0.00292 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2023/09/06 5:47 p.m., 16 views

CVE-2023-38485 Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

8 CVSS, 7.7 AI score, 0.00392 EPSS
Exploits: 0, References: 1

Cvelist
added 2023/09/06 5:47 p.m., 26 views

CVE-2023-38485 Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

8 CVSS, 8.3 AI score, 0.00392 EPSS
Exploits: 0, References: 1

CVE
added 2023/09/06 5:47 p.m., 51 views

CVE-2023-38485

CVE-2023-38485 affects Aruba 9200/9000 Series Controllers and Gateways; BIOS implementation vulnerabilities could allow arbitrary code execution early in boot, enabling full system compromise. No publicly documented patch/version fix is provided in the connected sources; exploitation details and ...

8 CVSS, 7.2 AI score, 0.00392 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/09/06 5:47 p.m., 13 views

CVE-2023-38484 Multiple Buffer Overflow Vulnerabilities in BIOS Implementation of 9200 and 9000 Series Controllers and Gateways

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

8 CVSS, 7.7 AI score, 0.00408 EPSS
Exploits: 0, References: 1

The Hacker News
added 2023/09/06 10:13 a.m., 58 views

9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products

Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). "The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation," Nozomi Networks said in ...

9.8 CVSS, 9.9 AI score, 0.01086 EPSS
Exploits: 0

OSV
added 2023/08/17 1:15 p.m., 4 views

CVE-2023-38902

A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...

8.8 CVSS, 6.1 AI score, 0.02187 EPSS
Exploits: 1, References: 1

NVD
added 2023/08/17 1:15 p.m., 14 views

CVE-2023-38902

A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...

8.8 CVSS, 9.1 AI score, 0.02187 EPSS
Exploits: 1, References: 1