Lucene search
K

2168 matches found

BDU FSTEC
BDU FSTEC
added 2022/03/11 12:0 a.m.6 views

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises due to an incorrect restriction on the name of the path to the restricted access catalog. This allows a intruder to execute arbitrary code.

The vulnerability of the Interactive Graphical SCADA System IGSS exists due to an incorrect restriction on the name of the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using a specially created...

10CVSS8.2AI score0.03505EPSS
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2022/03/07 12:0 a.m.119 views

Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Link settings of a body party and save the change: "alert/XSS-link/...

4.8CVSS0.6AI score0.00588EPSS
Exploits2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress Interactive Geo Maps plugin <= 1.5.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Interactive Geo Maps plugin versions = 1.5.3. Solution Update the Interactive Geo Maps plugin to the latest available version at least 1.5.4...

4.2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.17 views

WordPress Interactive Geo Maps plugin <= 1.5.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Interactive Geo Maps plugin versions = 1.5.3. Solution Update the Interactive Geo Maps plugin to the latest available version at least 1.5.4...

2.7AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.7 views

Zepl Notebook 安全漏洞

Zepl Notebook is the United States Zepl company provides interactive data analysis and Web-based notebook. Zepl Notebook is a web-based notebook that provides interactive data analysis and is used to make beautiful documents that are data-driven, interactive and collaborative. Zepl Notebook has a...

9.9CVSS8.3AI score0.0165EPSS
Exploits1References5
Fedora
Fedora
added 2022/02/16 1:28 a.m.33 views

[SECURITY] Fedora 35 Update: zsh-5.8.1-1.fc35

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell the Korn shell, but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...

7.8CVSS0.8AI score0.0198EPSS
Exploits0
Fedora
Fedora
added 2022/02/12 1:19 a.m.68 views

[SECURITY] Fedora 35 Update: ipython-7.26.0-3.fc35

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

8.8CVSS8.7AI score0.00657EPSS
Exploits1
OSV
OSV
added 2022/02/11 6:15 p.m.3 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.8CVSS6.4AI score0.01943EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.3 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.5CVSS5.8AI score0.14241EPSS
Exploits0References1
NVD
NVD
added 2022/02/11 6:15 p.m.30 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.8CVSS0.01943EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 6:15 p.m.6 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

9.8CVSS6.4AI score0.20165EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.13 views

Design/Logic Flaw

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

5CVSS7.4AI score0.14241EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Remote code execution

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

7.5CVSS9.6AI score0.20165EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Design/Logic Flaw

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

7.5CVSS9.6AI score0.01943EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.16 views

Design/Logic Flaw

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

5CVSS7.4AI score0.01294EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/02/11 5:40 p.m.59 views

CVE-2021-22824

The CVE-2021-22824 entry concerns the Schneider Electric Interactive Graphical SCADA System Data Collector (dc.exe) with affected versions up to 15.0.0.21320 and earlier. The root cause is a Buffer Copy without Checking Size of Input (CWE-120), due to missing length checks on user-supplied data i...

7.5CVSS7.4AI score0.14241EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.23 views

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

7.7AI score0.14241EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.22 views

CVE-2021-22803

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product:...

9.9AI score0.01943EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.25 views

CVE-2021-22802

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...

9.9AI score0.20165EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 5:40 p.m.81 views

CVE-2021-22803

Schneider Electric IGSS DC module (dc.exe, v15.0.0.21243 and prior) is affected by CVE-2021-22803: Unrestricted Upload of File with Dangerous Type, enabling remote code execution by writing arbitrary files to folders in the DC module context via network messages. Root cause: lack of validation du...

9.8CVSS9.6AI score0.01943EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder