8752 matches found
K76052144: BIG-IP, BIG-IQ, Enterprise Manager, and F5 iWorkflow Configuration utility vulnerability CVE-2019-6663
Security Advisory Description The BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow Configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack. CVE-2019-6663 Impact BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow An Anti DNS Pinning DNS Rebinding attack allows an attacker ...
K10015187: BIG-IP APM client for Windows vulnerability CVE-2018-5547
Security Advisory Description Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the...
CVE-2019-9011
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, an attacker can identify valid usernames...
Code injection
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, an attacker can identify valid usernames...
Default credentials
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, a user's password may be changed by an attacker without knowledge of the current password...
CVE-2019-9011
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, an attacker can identify valid usernames...
CVE-2019-9011
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, an attacker can identify valid usernames...
PT-2022-8323 · 3S Smart Software Solutions +1 · Codesys Development System +1
Name of the Vulnerable Software and Affected Versions: Pilz PMC programming tool versions 3.x through 3.5.16 Description: A security issue allows an attacker to change a user's password without knowing the current password. This is possible in the Pilz PMC programming tool, which is based on the...
CVE-2019-9011
CVE-2019-9011 affects Pilz PMC programming tool 3.x (based on CODESYS Development System). A remote attacker can enumerate valid usernames via the vulnerable flow, exposing an information-disclosure condition with network attack vector and no required privileges. The vulnerability is documented t...
CVE-2020-12067
Pilz PMC programming tool up to v3.5.16 is affected (based on CODESYS Development System). The issue allows a password change by an attacker without knowing the current password. Remediation: upgrade to version 3.5.17 or later. Public exploitation status is not detailed in the provided sources; o...
APDE 路径遍历漏洞
APDE is a processing IDE for creating and running sketches on Android devices by William Smith Personal Developer. A path traversal vulnerability exists in versions prior to APDE 0.5.2-pre2-alpha, which stems from a function in the...
The vulnerability of the PRNG generator in the development environment for programming CODESYS V3 applications, related to the use of cryptographic algorithms with defects, allows a hacker to decrypt and modify the loaded code.
The vulnerability of the PRNG generator used in the development environment for CODESYS V3 applications is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to decrypt and modify the loaded...
K13838: XSS vulnerability CVE-2012-2975
Security Advisory Description A cross-site scripting XSS vulnerability exists on the BIG-IP ASM traffic overview page. Malicious request URLs may be exposed in the Configuration utility without proper sanitization. CVE-2012-2975 Impact Privileged root access may be granted to unauthenticated user...
K05200155: Multiple Java vulnerabilities
Security Advisory Description CVE-2015-4734 Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. CVE-2015-4805 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60,...
lite-dev-server 路径遍历漏洞
lite-dev-server is an http file server for development by the individual developer Gavrilov Rusla. A security vulnerability exists in lite-dev-server that stems from a lack of input cleanup and a directory traversal vulnerability...
communitydevelopmentsoftware.com Cross Site Scripting vulnerability OBB-3111109
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Weak Password Vulnerability in KingFusion Development System of Beijing Asia Control Technology Development Co.
KingFusion is a production information management system for the executive level of industrial enterprises. A weak password vulnerability exists in the KingFusion development system of Beijing Asian Control Technology Development Co. Ltd, which can be exploited by attackers to obtain sensitive...
K23565223: Apache vulnerability CVE-2017-9788
Security Advisory Description In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '='...
SUSE: Security Advisory (SUSE-SU-2022:4483-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ALSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...