Lucene search
+L

138 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.364 views

ScadaBR Credentials Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ScadaBR Credentials Dumper', 'Description' = %q This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1...

7.4AI score
Exploits0
Fedora
Fedora
added 2024/05/29 3:37 a.m.18 views

[SECURITY] Fedora 40 Update: qt6-qtmqtt-6.7.1-1.fc40

MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

9.8CVSS6.7AI score0.0097EPSS
Exploits0
OSV
OSV
added 2024/03/11 6:15 p.m.2 views

DEBIAN-CVE-2023-52491

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtkjpegdecdevicerun In mtkjpegprobe, &jpeg-jobtimeoutwork is bound with mtkjpegjobtimeoutwork. In mtkjpegdecdevicerun, if error happens in mtkjpegsetdecdst, it...

7.8CVSS5.4AI score0.00276EPSS
Exploits0References1
Talos
Talos
added 2023/10/11 12:0 a.m.41 views

Yifan YF325 httpd manage_request stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1766 Yifan YF325 httpd managerequest stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34426 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A...

9.8CVSS9.7AI score0.00773EPSS
Exploits0
Talos
Talos
added 2023/10/11 12:0 a.m.29 views

Yifan YF325 httpd next_page buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...

9.8CVSS9.4AI score0.01018EPSS
Exploits0
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.7 views

Eclipse Leshan 代码问题漏洞

Eclipse Leshan is a set of open source Java libraries from the Eclipse Foundation that can be used to develop your own Lightweight M2M server and client. Eclipse Leshan has a code issue vulnerability that stems from being subject to an XML External Entity XXE attack...

9.8CVSS8.3AI score0.00568EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.14 views

ABB M2M ETHERNET Improper Authentication (CVE-2018-17926)

The product M2M ETHERNET FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

4.3CVSS5.1AI score0.00787EPSS
Exploits0References3
NVD
NVD
added 2023/04/11 9:15 a.m.20 views

CVE-2023-27917

OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 a...

8.8CVSS8.8AI score0.01929EPSS
Exploits0References5
OSV
OSV
added 2023/04/11 9:15 a.m.5 views

CVE-2023-23575

Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...

4.3CVSS6.5AI score0.00694EPSS
Exploits0References5
Prion
Prion
added 2023/04/11 9:15 a.m.20 views

Design/Logic Flaw

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...

5.8CVSS7AI score0.00523EPSS
Exploits0References5Affected Software19
Vulnrichment
Vulnrichment
added 2023/04/11 12:0 a.m.14 views

CVE-2023-23575

Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows:...

4.3AI score0.00694EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/04/11 12:0 a.m.30 views

CVE-2023-27389

Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service DoS condition, and/or execute arbitrary code...

7.3AI score0.00523EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/03/03 12:0 a.m.7 views

The vulnerability of the v4l2_m2m_querybuf function in the v4l2-mem2mem.c component of the Linux operating system allows a hacker to cause a service failure, increase their privileges, or execute arbitrary code.

The vulnerability of the v4l2m2mquerybuf function in the v4l2-mem2mem.c component of the Linux operating system is related to writing beyond the buffer limit due to incorrect input validation. Exploiting this vulnerability can allow an attacker to cause system failures, gain elevated privileges, ...

6.8CVSS7.1AI score0.00158EPSS
Exploits0References16Affected Software4
OSV
OSV
added 2023/01/26 10:15 p.m.5 views

CVE-2022-42490

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2023/01/26 10:15 p.m.7 views

CVE-2022-42491

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

9.8CVSS5.9AI score0.03233EPSS
Exploits0References2
Prion
Prion
added 2023/01/26 10:15 p.m.25 views

Heap overflow

A heap-based buffer overflow vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability...

7.5CVSS9.6AI score0.01468EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/01/26 10:15 p.m.25 views

Command injection

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

7.5CVSS9.9AI score0.0347EPSS
Exploits0References1Affected Software1
Talos
Talos
added 2023/01/26 12:0 a.m.53 views

Siretta QUARTZ-GOLD m2m m2m_parse_router_config cmd OS command injection vulnerabilities

Talos Vulnerability Report TALOS-2022-1640 Siretta QUARTZ-GOLD m2m m2mparserouterconfig cmd OS command injection vulnerabilities January 26, 2023 CVE Number CVE-2022-42492,CVE-2022-42491,CVE-2022-42493,CVE-2022-42490 SUMMARY Several OS command injection vulnerabilities exist in the m2m binary of...

9.8CVSS10AI score0.03499EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/26 12:0 a.m.10 views

PT-2023-14125 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: The issue concerns OS command injection vulnerabilities in the m2m binary. A specially-crafted network request can lead to arbitrary command execution. An attacker can exploit th...

9.8CVSS9.9AI score0.03233EPSS
Exploits0References2
Talos
Talos
added 2023/01/26 12:0 a.m.31 views

Siretta QUARTZ-GOLD m2m DELETE_FILE cmd directory traversal vulnerability

Talos Vulnerability Report TALOS-2022-1637 Siretta QUARTZ-GOLD m2m DELETEFILE cmd directory traversal vulnerability January 26, 2023 CVE Number CVE-2022-41154 SUMMARY A directory traversal vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. ...

8.2CVSS7AI score0.01878EPSS
Exploits1
Rows per page
Query Builder