Lucene search
K

330 matches found

Cvelist
Cvelist
added 2024/12/09 12:0 a.m.24 views

CVE-2024-50627

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network with specific permissions to upload and execute malicious files, potentially leading to unauthorized system access...

0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.19 views

CVE-2024-50628

An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues...

0.00464EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/09 12:0 a.m.19 views

CVE-2024-50625

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when...

0.00316EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2023/12/16 5:58 p.m.9 views

digi-sapiens.de Improper Access Control vulnerability OBB-3816373

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/16 5:58 p.m.7 views

digi-media-net.de Improper Access Control vulnerability OBB-3816372

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/11/12 7:6 p.m.6 views

digi-sport.de Improper Access Control vulnerability OBB-3778273

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/10/25 5:49 p.m.9 views

digi-media-net.de Improper Access Control vulnerability OBB-3765442

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/10/08 6:24 p.m.8 views

digi-archives.org Cross Site Scripting vulnerability OBB-3733586

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/09/21 12:0 a.m.6 views

The vulnerability of the remote access software for devices on the Digi RealPort network lies in the use of a password hash instead of a plain-text password for authentication. This allows attackers to compromise the target system.

The vulnerability of the remote access software for devices on the Digi RealPort network relates to the use of a password hash instead of a plain-text password for authentication. Exploiting this vulnerability allows an attacker to compromise the target system remotely...

9CVSS7.5AI score0.0055EPSS
Exploits0References5Affected Software4
Openbugbounty
Openbugbounty
added 2023/09/17 12:21 a.m.10 views

digi-soft.ro Cross Site Scripting vulnerability OBB-3689228

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
NVD
NVD
added 2023/08/31 9:15 p.m.41 views

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...

9CVSS9.3AI score0.0055EPSS
Exploits0References2
OSV
OSV
added 2023/08/31 9:15 p.m.5 views

CVE-2023-4299

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...

8.1CVSS5.8AI score0.0055EPSS
Exploits0References2
Prion
Prion
added 2023/08/31 9:15 p.m.29 views

Authentication flaw

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...

5.1CVSS8.1AI score0.0055EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2023/08/31 8:45 p.m.10 views

CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...

9CVSS7.3AI score0.0055EPSS
Exploits0References2
CVE
CVE
added 2023/08/31 8:45 p.m.74 views

CVE-2023-4299

CVE-2023-4299 describes a replay attack in Digi RealPort Protocol that can bypass authentication to access connected equipment. The vulnerability affects a wide range of Digi devices and software using RealPort, due to using a password hash instead of the actual password for authentication. The I...

9CVSS8.4AI score0.0055EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/31 8:45 p.m.38 views

CVE-2023-4299 Digi RealPort Protocol Use of Password Hash Instead of Password for Authentication

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment...

9CVSS9.3AI score0.0055EPSS
Exploits0References2
ICS
ICS
added 2023/08/31 6:0 a.m.47 views

Digi RealPort Protocol

1. EXECUTIVE SUMMARY ​CVSS v3 9.0 ​ATTENTION: Exploitable remotely ​Vendor: Digi International, Inc. ​Equipment: Digi RealPort Protocol ​Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow the...

9CVSS8.9AI score0.0055EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.4 views

Digi RealPort 安全漏洞

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol. A security vulnerability exists in the Digi RealPort Protocol that stems from vulnerability...

9CVSS7.7AI score0.0055EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.9 views

PT-2023-5295 · Digi · Digi Realport

Name of the Vulnerable Software and Affected Versions: Digi RealPort affected versions not specified Description: The issue is related to the use of a password hash instead of the password itself for authentication, which can be exploited by an attacker to compromise the target system. It is also...

9CVSS8AI score0.0055EPSS
Exploits0References7
OSV
OSV
added 2023/07/12 1:15 p.m.5 views

CVE-2023-33668

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...

9.8CVSS7.3AI score0.00516EPSS
Exploits1References2
Rows per page
Query Builder