Lucene search
K

8752 matches found

BDU FSTEC
BDU FSTEC
added 2022/08/15 12:0 a.m.4 views

The vulnerability of the application development environment for ISaGRAF Workbench programmable logic controllers arises from incorrect restrictions on the path name to the restricted access directory. This allows attackers to escalate their privileges.

The vulnerability in the development environment for ISaGRAF Workbench programmable logic controllers is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability can allow attackers to enhance their privileges using a specially created...

7.7CVSS7.2AI score0.00267EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.5 views

The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup process of SIRIUS Soft Starter ES, the web-based systems for managing technological processes like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities arise from the absence of quotation marks in the wording of elements or search methods, which allows attackers to exploit them to gain elevated privileges to the root level.

The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...

6.8CVSS7AI score0.00379EPSS
Exploits0References2Affected Software7
Wallarm Lab
Wallarm Lab
added 2022/08/10 5:55 p.m.18 views

Wallarm at Black Hat USA 2022

Black Hat USA is celebrating its 25th anniversary, and Wallarm will be on hand for the festivities. If you’re headed to Vegas this year, we invite you to meet our crew and talk about API security. Tuesday 08/09 – Pre-Event Evening Party Join us on Tuesday 08/09 evening at the Emerging Technology...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2022/08/10 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2022:2717-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.2AI score0.01297EPSS
Exploits1References2
Openbugbounty
Openbugbounty
added 2022/08/08 2:13 a.m.14 views

canberralearninganddevelopmentcentre.com.au Cross Site Scripting vulnerability OBB-2829586

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.14 views

Project.raiseDispute() might work with the already completed task.

Lines of code Vulnerability details Impact Project.raiseDispute might work with the already completed task. Already completed tasks can't be changed in any cases and it might bring some unexpected outcome when the dispute is approved by fault. Proof of Concept It's impossible to change anything...

6.8AI score
Exploits0
OSV
OSV
added 2022/08/04 6:15 p.m.2 views

CVE-2022-34844

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management...

7.5CVSS5.8AI score
Exploits0References1
Kitploit
Kitploit
added 2022/08/03 12:30 p.m.144 views

Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler

Kage ka-geh is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter. Getting Started Please follow these instructions to get a copy of Kage running on your local...

7.2AI score
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/08/02 12:0 a.m.4 views

The vulnerability of the application development environment for ISaGRAF Workbench’s programmable logic controllers allows a hacker to execute arbitrary code by restoring unreliable data in memory.

The vulnerability of the development environment for ISaGRAF Workbench programmable logic controllers is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.6CVSS7.5AI score0.00315EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/01 9:0 p.m.66 views

CVE-2022-31198

OpenZeppelin Contracts: GovernorVotesQuorumFraction vulnerability where lowering quorum could make past defeated proposals executable if votes meet the new quorum. Affected: GovernorVotesQuorumFraction-based governors in OpenZeppelin Contracts. Root cause: quorum is a percentage of total supply, ...

7.5CVSS7.4AI score0.00626EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/08/01 4:20 p.m.641 views

CVE-2022-31128

Tuleap CVE-2022-31128 affects Tuleap Community Edition prior to 13.10.99.82 and Tuleap Enterprise Edition prior to 13.10-3. The issue arises from improper verification of fine-grained permissions when creating Git branches via the REST API (POST git/:id/branches); users could create branches rega...

5.4CVSS5.4AI score0.00497EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2022/08/01 2:5 p.m.34 views

Two Key Ways Development Teams Can Increase Their Security Maturity

Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent...

7.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/08/01 1:58 p.m.21 views

Shift Left: Secure Your Innovation Pipeline

There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...

Exploits0
OpenVAS
OpenVAS
added 2022/08/01 12:0 a.m.7 views

Fedora: Security Advisory for origin (FEDORA-2022-5038c3236c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OSV
OSV
added 2022/08/01 12:0 a.m.26 views

ASB-A-228178437

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

6.2CVSS5.2AI score0.00095EPSS
Exploits0References6
Fedora
Fedora
added 2022/07/31 1:37 a.m.54 views

[SECURITY] Fedora 36 Update: swig-4.0.2-17.fc36

Simplified Wrapper and Interface Generator SWIG is a software development tool for connecting C, C++ and Objective C programs with a variety of high-level programming languages. SWIG is used with different types of target languages including common scripting languages such as Javascript, Perl, PH...

9.3CVSS1.3AI score0.05335EPSS
Exploits4
Fedora
Fedora
added 2022/07/30 2:0 a.m.16 views

[SECURITY] Fedora 36 Update: golang-github-shopify-toxiproxy-2.1.4-11.fc36

Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...

7.2AI score
Exploits0
Fedora
Fedora
added 2022/07/30 1:57 a.m.18 views

[SECURITY] Fedora 36 Update: golang-github-hashicorp-hclog-0.15.0-6.fc36

Go-hclog is a package for Go that provides a simple key/value logging interfa ce for use in development and production environments...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2022/07/29 3:7 p.m.60 views

Malicious Npm Packages Tapped Again to Target Discord Users

Threat actors once again are using the node package manager npm repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...

7.4AI score
Exploits0References8
Kitploit
Kitploit
added 2022/07/29 12:30 p.m.91 views

Maldev-For-Dummies - A Workshop About Malware Development

In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such,malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started...

7.5AI score
Exploits0References3
Rows per page
Query Builder