194 matches found
PT-2022-16581 · Siemens · Sinema Server +1
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V1.0.3 SINEMA Server V14 all versions Description: A security issue allows a privileged authenticated attacker to execute arbitrary commands in the local database. This is achieved by sending specially crafted...
Siemens SINEC NMS SQL注入漏洞
Siemens SINEC NMS is a network management system NMS from Siemens Germany that is used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices 24/7, including security-related areas.A SQL injection vulnerability in Siemens SINEC NMS allows a privileged,...
GHSA-8WR4-2WM6-W3PR B2 Command Line Tool TOCTOU application key disclosure
Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...
B2 Command Line Tool TOCTOU application key disclosure
Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...
Time-of-check-time-of-use (TOCTOU)
b2sdk is vulnerable to time-of-check-time-of-use TOCTOU. A local attacker is able to read the contents of the local database file where API keys are saved when using SqliteAccountInfo, resulting in sensitive information disclosure via race condition...
PYSEC-2022-32
B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...
CVE-2021-40843
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...
CVE-2021-40843
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...
CVE-2021-40843
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77591)
SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77593)
SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements. An attacker could use this...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77589)
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...
Siemens SINEC NMS SQL Injection Vulnerability
SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77592)
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an authenticated attacker to import firmware containers into the affected system...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77586)
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77587)
SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an attacker with privileged credentials to execute arbitrary commands in the loca...
CVE-2021-33735
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...
CVE-2021-33730
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...
CVE-2021-33732
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...
CVE-2021-33729
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database...