Yokogawa CENTUM
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...
FXC AE1021/AE1021PE
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: FXC Equipment: AE1021, AE1021PE Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...
Omron Engineering Software Zip-Slip
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio, NX-IO Configurator Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. 3...
Fujitsu Software Infrastructure Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker retrieving...
GHSA-V5GW-MW7F-84PX Starlette has Path Traversal vulnerability in StaticFiles
Summary When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability. Details The root cause of this issue is the usage of os.path.commonprefix:...
Nadesiko3 OS Command Injection vulnerability
OS command injection vulnerability in Nadesiko3 PC Version v3.3.68 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. Release notes for versions 3.3.62 and 3.3.69 both link to patches for this particular issue. The...
[Security Nation] Taki Uchiyama of Panasonic on Product Security and Incident Response
In this episode of Security Nation, Jen and Tod chat with Taki Uchiyama about his work on Panasonic's Product Security Incident Response...
Experts Uncover Several C&C Servers Linked to WellMess Malware
Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the...
WordPress Recently plugin <= 3.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama of Secure Sky Technology Inc. and the JPCERT/CC Vulnerability Coordination Group in WordPress Recently plugin versions <= 3.0.4. Solution Update the WordPress Recently plugin to the latest available version at least...
SA142 : Invalid TCP Packet Generation DoS in SSL Visibility
SUMMARY The SSL Visibility appliance may, under certain circumstances, generate invalid TCP reset (RST) packets to remote SSL servers when terminating an intercepted SSL connection. Some SSL servers may ignore the invalid RST packet received and keep the TCP connection open. A malicious SSL client,...
MODx Evo 1.0.4 (and prior) SQL Injection and Directory Traversal Vulnerabilities
Status: Solved Product: MODx Evolution Severity: High Versions: 1.0.4 and prior Advisory Date: 2011-01-26 Fixed Date: 2011-01-19 Impact: (a) A remote attacker may access or view arbitrary files on the server. (b) A remote attacker may execute arbitrary PHP code as a result of SQL injection. Descripti...
CVE-2007-3386.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-3386: XSS in Host Manager Severity: Low Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: 6.0.0 to 6.0.13 5.5.0 to 5.5.24 Description: The Host Manager Servlet does not filter user supplied data before display. Th...