62 matches found
Schneider Electric IGSS Data Server 缓冲区错误漏洞
The Schneider Electric IGSS Data Server is a data server for the Interactive Graphics Scada System from Schneider Electric France. A buffer error vulnerability exists in versions prior to Schneider Electric IGSS Data Server 15.0.0.22140, which stems from an application boundary error. A remote...
PT-2022-3200 · Unknown · Igss Data Server
Name of the Vulnerable Software and Affected Versions: IGSS Data Server - IGSSdataServer.exe versions prior to V15.0.0.22170 Description: A buffer copy without checking the size of input vulnerability exists, potentially leading to a stack-based buffer overflow and remote code execution when an...
Siemens RUGGEDCOM 输入验证错误漏洞
Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens Germany. Siemens RUGGEDCOM ROS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to request large amounts of data, resulting in the allocation of smaller data...
Apache Log4j Code Issue Vulnerability
Apache Log4j is the United States Apache Apache Foundation of a Java-based open source logging tool . Apache Log4J has a code issue vulnerability that can be exploited by an attacker to design a data request to be sent to a server using the Apache Log4j tool, which triggers remote code execution...
Apache Log4j 代码问题漏洞
Apache Log4j is the United States Apache Apache Foundation of a Java-based open source logging tool . Apache Log4J has a code issue vulnerability that can be exploited by an attacker to design a data request to be sent to a server using the Apache Log4j tool, which triggers remote code execution...
PT-2021-20230 · Vaadin · Vaadin-Server
Name of the Vulnerable Software and Affected Versions: com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Description: The issue is caused by a missing check in the DataCommunicator class, allowing an authenticated network attacker to cause heap exhaustion by requesting too many rows of data...
CVE-2021-39150
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
Updated xstream packages fix security vulnerabilities
In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream CVE-2021-21341...
Default configuration
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...
CVE-2021-21349
XStream (Java) before 1.4.16 is vulnerable to an input-stream manipulation flaw (CVE-2021-21349) that may allow a remote attacker to access data from internal resources not publicly available. The issue arises from processing the input stream during deserialization. A fix is available in XStream ...
Server-Side Forgery Request can be activated unmarshalling with XStream
Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15...
Server side request forgery (ssrf)
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
Denial Of Service (DoS)
nginx HTTP/2 is vulnerable to denial of service DoS. The attack is possible because it cannot control an attacker from sending a large amount of data request by manipulating window size and stream priority to force server to queue the data in 1-byte chunks, exhausting CPU and/or memory...
Exploiting GDPR to Get Private Information
A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation GDPR, which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of...
Vera Edge Home Controller Command Execution Vulnerability
Vera Edge Home Controller is a smart home central control unit. A security vulnerability exists in LuaUPnP in Vera Edge Home Controller version 1.7.4452. A remote attacker can exploit the vulnerability by sending the 'code' parameter to /port3480/datarequest to execute arbitrary operating system...
CVE-2019-13598
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port3480/datarequest because the "No unsafe lua allowed" code block is skipped...
WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities
WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities Exploit Title: WordPress: wordpress huge-it-slider 2.7.5 & Persistent JS-HTML Code injection, Arbitrary slider deletion Date: 2015-06-23 Google Dork: intitle:"index of" intext:"/wp-content/plugins/slider-image/" Exploit Author:...
Threat Outbreak Alert RuleID13584: Email Messages Distributing Malicious Software on February 16, 2015
Medium Alert ID: 37482 First Published: 2015 February 16 15:48 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID13584 may contain the following files: Name |...