2168 matches found
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises due to an incorrect restriction on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.
The vulnerability of the Interactive Graphical SCADA System IGSS exists due to an incorrect restriction on the name of the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created...
Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS
The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Link settings of a body party and save the change: "alert/XSS-link/...
WordPress Interactive Geo Maps plugin <= 1.5.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Interactive Geo Maps plugin versions = 1.5.3. Solution Update the Interactive Geo Maps plugin to the latest available version at least 1.5.4...
WordPress Interactive Geo Maps plugin <= 1.5.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Interactive Geo Maps plugin versions = 1.5.3. Solution Update the Interactive Geo Maps plugin to the latest available version at least 1.5.4...
Zepl Notebook 安全漏洞
Zepl Notebook is the United States Zepl company provides interactive data analysis and Web-based notebook. Zepl Notebook is a web-based notebook that provides interactive data analysis and is used to make beautiful documents that are data-driven, interactive and collaborative. Zepl Notebook has a...
[SECURITY] Fedora 35 Update: zsh-5.8.1-1.fc35
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell the Korn shell, but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...
[SECURITY] Fedora 35 Update: ipython-7.26.0-3.fc35
IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...
CVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...
CVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
CVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...
CVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
Design/Logic Flaw
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
Remote code execution
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
Design/Logic Flaw
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...
CVE-2021-22824
The CVE-2021-22824 entry concerns the Schneider Electric Interactive Graphical SCADA System Data Collector (dc.exe) with affected versions up to 15.0.0.21320 and earlier. The root cause is a Buffer Copy without Checking Size of Input (CWE-120), due to missing length checks on user-supplied data i...
CVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
CVE-2021-22803
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...
CVE-2021-22802
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
CVE-2021-22803
Schneider Electric IGSS DC module (dc.exe, v15.0.0.21243 and prior) is affected by CVE-2021-22803: Unrestricted Upload of File with Dangerous Type, enabling remote code execution by writing arbitrary files to folders in the DC module context via network messages. Root cause: lack of validation du...