21 matches found
EUVD-2024-19483
Malicious code in bioql PyPI...
CVE-2022-30228
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected software does not apply cross-origin resource sharing CORS restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could...
CVE-2024-21872
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter...
CVE-2024-3152
mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform...
CVE-2024-21872
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter...
CVE-2024-21872 Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed...
Time delay for operations scheduled by the community multisig (CM) in timelock pose a risk to the protocol and it users
Lines of code Vulnerability details Impact Time sensitive operations done by the CM, like taking actions in case of an security exploit, are subject to the minDelay of the Timelock contract. Such operations are time sensitive and executing them several minutes later can result in significant loss...
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...
Two-step change of privileged roles
Lines of code Vulnerability details Impact Lack of two-step procedure for critical operations is error-prone and can lead to irrevocable mistakes, might leave the system operationally with no/malicious privileged role. For example, when transfer admin role, in a single-step change, if the current...
Data Distribution Service: Exploring Vulnerabilities and Risks Part 2
In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations...
Lack of Two-Step Process for Critical Operations
Lines of code Vulnerability details Impact This function transfers/renounce the ownership of the contract in a single step. There is no way to reverse a one-step transfer of ownership to an address without an owner. This would not be the case if ownership were transferred through a two-step proce...
CVE-2022-30228
A vulnerability has been identified in SICAM GridEdge Classic All versions V2.6.6. The affected software does not apply cross-origin resource sharing CORS restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could...
F5 BIG-IP iControl SOAP CSRF Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A CSRF vulnerability exists in F5 BIG-IP iControl SOAP, which could be exploited by an attacker to potentially trick...
F5 BIG-IP 跨站请求伪造漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A CSRF vulnerability exists in F5 BIG-IP iControl SOAP, which could be exploited by an attacker to potentially trick...
Authorization
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...
Malicious Cyber Activity Targeting Critical SAP Applications
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain...
Update Rollup 9 for System Center 2016 Data Protection Manager
Update Rollup 9 for System Center 2016 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 9 for Microsoft System Center 2016 Data Protection Manager. This article also contains the installation instructions for this update.Note Existing Data...
PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability
Proof-of-concept code found on the GitHub repository could allow attackers to easily take advantage of a recently identified vulnerability in the Apache Struts 2 framework. The vulnerability CVE-2018-11776, identified earlier this week, could allow an adversary to execute remote code on targeted...