44 matches found
Malicious code in @zalastax/nolb-ilc (npm)
The package @zalastax/nolb-ilc was found to contain malicious code...
MAL-2025-11983 Malicious code in @zalastax/nolb-ilc (npm)
The package @zalastax/nolb-ilc was found to contain malicious code...
CVE-2018-25112 PHOENIX CONTACT: ILC 1x1 ETH Denial of Service
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device...
CVE-2018-25112 PHOENIX CONTACT: ILC 1x1 ETH Denial of Service
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device...
CVE-2018-25112
CVE-2018-25112 affects the PHOENIX CONTACT ILC 1x1 ETH programmable controllers. The vulnerability stems from an uncontrolled resource consumption in the IEC 61131 program, allowing an unauthenticated remote attacker to generate large amounts of network traffic that must be processed by the ILC, ...
PHOENIX CONTACT ILC security vulnerability
The PHOENIX CONTACT ILC is a series of programmable controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT ILC that stems from an uncontrolled resource consumption issue in the IEC 61131 program that could lead to a denial of service attack...
CVE-2024-7820
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2020-8768
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examining a link on the website of the device...
Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8380)
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Phoenix Contact ILC PLCs Denial of Service (CVE-2021-33541)
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of...
Phoenix Contact ILC PLCs Improper Authentication (CVE-2016-8371)
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2024-7820
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-7820
CVE-2024-7820 affects ILC Thickbox WordPress plugin (≤ 1.0). The issue is a CSRF protection bypass during settings updates, enabling a logged-in attacker to change settings via a CSRF attack. Root cause: absence of CSRF checks in the settings update path. Public details in connected sources confi...
WordPress plugin ILC Thickbox security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-38606 · WordPress · Ilc Thickbox
Name of the Vulnerable Software and Affected Versions: ILC Thickbox WordPress plugin version 1.0 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For ILC...
WordPress ILC Thickbox plugin <= 1.0 - Settings update via CSRF vulnerability
Settings update via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin ILC Thickbox versions <= 1.0...
WordPress ILC Thickbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ILC Thickbox; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-7820; Patch priority: Low; CVSS severity: Low (4.3); PSID: 8fc91133c266; Credits: Daniel Ruf; Required privile...
Phoenix Contact ILC PLCs Cleartext Storage of Sensitive Information (CVE-2016-8366)
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. This plugin only works with...