CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

Code injection

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-1143 CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-1143

Delta Electronics InfraSuite Device Master (versions prior to 1.0.5) is affected by a Lua script deserialization/remote code execution vulnerability. The issue stems from Lua scripting support in the device, allowing an unauthenticated or minimally authenticated attacker to remotely execute arbit...

CVE-2023-1143 CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

PT-2023-2320 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 Description: The issue is related to errors in code generation, allowing an attacker to remotely execute arbitrary code by running Lua scripts. This could enable an attacker t...

CVE-2023-23551

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-23551

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

Code injection

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-23551 X-600M Code Injection

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-23551 X-600M Code Injection

Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code...

CVE-2023-23551

CVE-2023-23551 affects Control By Web X-600M web-enabled industrial I/O controllers. The vulnerability arises from improper generation of code, allowing Lua-script execution that could let an attacker remotely execute arbitrary code via the network. Affected device: X-600M; root cause: code injec...

PT-2023-1509 · Controlbyweb · Control By Web X-600M

Name of the Vulnerable Software and Affected Versions: Control By Web X-600M affected versions not specified Description: The issue is related to code injection in Lua scripts, which could allow an attacker to remotely execute arbitrary code. This is due to errors in code generation. The...

Control By Web X-600M 代码注入漏洞

Control By Web X-600M is a modular, web-enabled industrial I/O controller from Control By Web. The Control By Web X-600M suffers from a code injection vulnerability that stems from running Lua scripts that are susceptible to code injection attacks. An attacker could exploit this vulnerability to...

redis: Code injection via Lua script execution environment

A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user...

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The malware, which Doctor Web first came across in July 2022, were discovered in the system partiti...

USN-5221-1: Redis vulnerabilities

It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2021-32626 It was discovered that Redis incorrectly handled some malformed requests when using Redis...

Apache HTTP Server Input Validation Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.53 and earlier, which stems from a failure to...

ALPINE-CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...

CVE-2022-28615

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...