2 matches found
Siemens TeleControl Server Basic SQL Injection Vulnerability
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic has an SQL injection vulnerability in the GetSettings method, which an attacker can exploit to bypass authorization...
ZDI-CAN-17750: Ivanti Avalanche EnterpriseServer GetSettings Exposed Dangerous Method Authentication Bypass Vulnerability
This vulnerability allows bypassing the patches for the following vulnerabilities: ZDI-CAN-15251, ZDI-CAN-15137, ZDI-CAN-15528, ZDI-CAN-15919. Those patches restricted access to the messages or validated the response through the calculation of the h.meta1 token. However, the attacker is able to leak t...