EUVD-2024-41578
Malicious code in bioql PyPI...
The vulnerability in the firmware of Moxa Ethernet switches, namely the EDR-8010, EDR-G9004, EDR-G9010, EDG-G1002-BP, NAT-102, G4302-LTE4, and TN-4900 series, arises from a lack of measures to neutralize specific components used in the operating system. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability in the firmware of Moxa Ethernet switches, such as the EDR-8010, EDR-G9004, EDR-G9010, EDG-G1002-BP, NAT-102, G4302-LTE4, and TN-4900 series, exists due to a lack of measures to neutralize specific components. Exploiting this vulnerability allows a remote attacker ...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1, bug fix: TBS-6721...
CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
CVE-2024-45745 TopQuadrant TopBraid EDG JavaScript console XXE
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1, bug fix: TBS-6721...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 is vulnerable to an XXE-style flaw: an authenticated attacker can upload an XML DTD file and execute JavaScript to read local files or access URLs. The root cause is an XML DTD handling/upload feature that allows external entity resolution. Impact is ...
CVE-2024-45744 TopQuadrant TopBraid EDG password manager stores external credentials insecurely
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials in edg-vault.properties and reads secrets from edg-setup.properties, enabling an authenticated attacker with file-system access to decrypt external passwords. Affected from at least v7.1.3; attacker access may be gained via another vulnerabilit...
PT-2024-31744
Name of the Vulnerable Software and Affected Versions: TopQuadrant TopBraid EDG versions prior to 8.0.1. Description: The issue allows an authenticated attacker to upload an XML DTD file and execute JavaScript, enabling them to read local files or access URLs, which is an example of an XML Externa...
TopQuadrant TopBraid EDG Security Vulnerability
TopQuadrant TopBraid EDG is a knowledge graph creation and management tool from TopQuadrant. A security vulnerability exists in TopQuadrant TopBraid EDG versions prior to 8.0.1 that allows an authenticated attacker to upload an XML DTD file and execute...
TopQuadrant TopBraid EDG Insecure External Password Storage and XXE Vulnerabilities
RISK EVALUATION: TopQuadrant TopBraid EDG stores credentials for external services insecurely and processes untrusted XML entities. An authenticated attacker could obtain credentials for remote services, read local files, or access URLs. 2. RECOMMENDED PRACTICES: Upgrade to TopQuadrant TopBraid...
VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250)
VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250). http://www.vupen.com/english/research.php I. BACKGROUND: "Microsoft Office Excel is a powerful tool you can use to create and format spreadsheets, and analyze and share information ...
CVE-2010-1250
Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory...