Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue...

NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...

CVE-2023-26478 org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right...

GSD-2022-1000077 CWE-749 in Dragos version all versions

In RigoBlock Dragos, all versions as of 2022-02-17 and later until a major protocol update is accomplished contain an exposed function CWE-749, specifically setMultipleAllowances which was not set to onlyOwner. The setMultipleAllowances function can be to manipulate tokens with the contract...

Code injection

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...

CVE-2015-3965

Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function...