16 matches found
EUVD-2020-27520
Malware in sbrugna...
Engineering Risk-Aware, Security-By-Design Frameworks for Assurance of Large-Scale Autonomous AI Models
As AI models scale to billions of parameters and operate with increasing autonomy, ensuring their safe, reliable operation demands engineering-grade security and assurance frameworks. This paper presents an enterprise-level, risk-aware, security-by-design approach for large-scale autonomous AI...
CVE-2024-4609
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...
CVE-2024-4609 Rockwell Automation Datalog Function within FactoryTalk® View SE contains SQL Injection Vulnerability
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...
PT-2024-3630 · Rockwell Automation · FactoryTalk View SE
Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk View SE Datalog function. Description: A threat actor could inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. This could result in...
The vulnerability of the SAP NetWeaver Design Time Repository, a software integration platform, allows a hacker to inject arbitrary HTML code.
The vulnerability of the SAP NetWeaver Design Time Repository software platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely...
CVE-2023-33984
SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...
CVE-2023-33984
SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...
CVE-2023-33984 Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)
SAP NetWeaver Design Time Repository - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...
CVE-2023-33984
SAP NetWeaver (Design Time Repository) v7.50 is affected. The issue arises from returning an unfavorable content type for certain versioned files, enabling an authorized attacker to create a file containing malicious content and share a link resulting in cross-site scripting (XSS). Public referen...
PT-2023-3744 · SAP · SAP NetWeaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Design Time Repository version 7.50. Description: The issue exists due to insufficient protection of the web page structure, allowing a remote attacker to inject arbitrary HTML code. This could enable an authorized attacker to...
IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability (CNVD-2024-01175)
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from International Business Machines (IBM). The platform provides a set of design-time and run-time components for building and running its enterprise-class applications, respectively, and...
CVE-2022-29618
Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...
Input validation
Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...
CVE-2022-29618
The connected records confirm a cross-site scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) affecting versions 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient input validation that lets an unauthenticated attacker inject script into the URL, ...
CVE-2020-6370
SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...