CVE-2024-45368
CVE-2024-45368 affects AutomationDirect DirectLogic H2-DM1E PLC (versions 2.8.0 and earlier). The vulnerability stems from an authentication protocol that may accept multiple distinct packets as valid responses, enabling potential session hijacking or bypass. Reports cite session fixation and aut...
CVE-2024-45368 AutomationDirect DirectLogic H2-DM1E Session Fixation
The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...
Design/Logic Flaw
The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
CVE-2022-39956
The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...
CannibalRAT targets Brazil
This post was authored by Warren Mercer and Vitor Ventura. Introduction: Talos has identified two different versions of a RAT, otherwise known as a remote access trojan, that have been written entirely in Python and are wrapped into a standalone executable. The RAT is impacting users of a Brazilian...
@stake Advisory: PalmOS Password Retrieval and Decoding (A092600-1)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: PalmOS Password Retrieval and Decoding A092600-1 Release Date: 09/26/2000 Application: PalmOS 3.5.2 and below Platform: All PalmOS Platform Devices Severity: Moderate. Passwords can easily ...