CVE-2020-25152 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges...

CVE-2020-25160 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration...

CVE-2020-25160

CVE-2020-25160 involves improper access controls in B. Braun SpaceCom (versions L81/U61 and earlier), Battery Pack with Wi‑Fi (U61/L81 and earlier), and Data module compactplus (A10/A11). The root cause is improper access control that allows attackers to extract and tamper with the devices’ netwo...

CVE-2020-16238 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...

CVE-2020-25156

CVE-2020-25156 concerns active debug code in B. Braun SpaceCom (versions L8/U61 and earlier) and Data module compactplus (A10/A11 and earlier) enabling possession of cryptographic material to gain root access. Connected sources confirm affected products and versions, with remediation updates rele...

CVE-2020-25156 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...

CVE-2020-25150 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...

CVE-2020-25150 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...

The vulnerability of the module for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCMAN:PLM, arises from the possibility of unlimited loading of dangerous files. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of the module responsible for creating and saving structured information about company departments in the “LOCZMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCZMAN:PLM, relates to the unlimited loading of...

DEBIAN-CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data module...

UBUNTU-CVE-2018-17572

InfluxDB 0.9.5 has Reflected XSS in the Write Data module...

Drupal Data Cross-Site Scripting Vulnerability

Drupal is an open source content management system developed by the Drupal community using the PHP language. A cross-site scripting vulnerability exists in Drupal version 6.20, Data 6.x-1.0-alpha14. The vulnerability stems from a lack of proper validation of client-side data by the WEB applicatio...

Drupal Data SQL Injection Vulnerability

Drupal is an open source content management system developed by the Drupal community using the PHP language. A SQL injection vulnerability exists in Drupal version 6.20, Data 6.x-1.0-alpha14. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...

Siemens SIPLUS SYNC-MODULE Detection

Binary data 750299.prm...

python: missing boundary check in JSON module

A flaw was found in the way the json module handled negative index argument passed to certain functions such as rawdecode. An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory...

CVE-2012-6575

CVE-2012-6575 affects the Drupal Exposed Filter Data module (6.x-1.x) prior to 6.x-1.2. It is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary scripts via unspecified vectors. Root cause: insufficient input sanitization in the module. Impact: potential execution...

CVE-2012-1654

Multiple cross-site scripting XSS vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in 1 data.views.inc a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in 1 data.views.inc a...

CVE-2012-1654

Multiple cross-site scripting XSS vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in 1 data.views.inc a...

CVE-2012-1654

The CVE-2012-1654 case affects Drupal’s Data module (6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3). The vulnerability arises from insufficient escaping in the title used when creating tables, allowing remote authenticated users with the administer data tables permission to inject arbi...