30 matches found
EUVD-2008-6677
Malware in sbrugna...
EUVD-2008-6679
Malware in sbrugna...
EUVD-2020-4827
Malware in sbrugna...
BMC Control-M Security Vulnerability
BMC Control-M is an application from BMC, Inc. that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions 9.0.18 through 9.0.20, which stems from the Blowfish encryption algorithm that uses a hard-coded key, and could...
CVE-2024-1605
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for...
CVE-2020-12525
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage...
Deserialization of untrusted data
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage...
CVE-2020-12525 WAGO/M&M Software Deserialization of untrusted data in fdtCONTAINER component
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage...
CVE-2020-12525
CVE-2020-12525 describes a deserialization of untrusted data in the fdtCONTAINER component used by M&M Software (and related products). Affected versions include those below 3.5.20304.x and between 3.6 and 3.6.20304.x for the fdtCONTAINER component (and related application versions). The vulnerability ...
WAGO M&M Software fdtCONTAINER (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik Equipment: fdtCONTAINER Vulnerability: Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
CVE-2016-11031
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 software. AntService allows a systemserver crash and reboot. The Samsung ID is SVE-2016-7044 November 2016...
Design/Logic Flaw
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file...
CVE-2017-9648
The CVE-2017-9648 issue affects Solar Controls WATTConfig M Software, versions 2.5.10.1 and earlier. It stems from an Uncontrolled Search Path Element (CWE-427) that could allow arbitrary code execution via a malicious DLL file on the target system. Affected product: WATTConfig M Software for Win...
Solar Controls WATTConfig M Software DLL Load Local Code Execution Vulnerability
Solar Controls WATTConfig M Software is a suite of software for use in Solar Controls devices from Solar Controls, Czech Republic. A security vulnerability exists in Solar Controls WATTConfig M Software version 2.5.10.1 and earlier. The vulnerability can be exploited by an attacker to execute...
Solar Controls WATTConfig M Software
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: WATTConfig M Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ WATTConfig M Software for Windows 2.5.10 for M SSR/MAX PLCs are affected: WATTConf...
StudioLine Photo Basic 3.70.34.0 Insecure Method
Vulnerability ID: HTB23024 Reference: http://www.htbridge.ch/advisory/studiolinephotobasic3activexcontrolinsecuremethod.html Product: StudioLine Photo Basic 3 Vendor: H&M Software http://studioline.biz Vulnerable Version: 3.70.34.0 and probably prior Tested on: 3.70.34.0 Vendor Notification: 15...
Authentication flaw
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) usermanual.php, (2) userconfig.php, (3) userkundnamn.php, (4) userkundlista.php, (5)...
Code injection
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5)...
CVE-2008-6717
U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5)...
CVE-2008-6719
U&M Software Event Lister aka JustListIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) propaktivitet.php, (4) kategorier.php, (5) konfig.ph...