639 matches found
CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
Remote code execution
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
CVE-2021-22646 Ovarro TBox Code Injection
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
CVE-2021-22646
CVE-2021-22646 is a code injection vulnerability in Ovarro TBox where the ipk package containing TWinSoft configurations can be uploaded, extracted, and executed on affected RTUs, enabling remote code execution. Affected products include TBoxLT2, TBox MS-CPU32, TBox MS-CPU32-S2, TBox RM2, and TBo...
PT-2022-9260 · Ovarro · Ovarro Tbox
Name of the Vulnerable Software and Affected Versions: Ovarro TBox (affected versions not specified). Description: The issue allows malicious code execution by uploading, extracting, and executing the "ipk" package containing the configuration created by TWinSoft in Ovarro TBox. Recommendations: At...
CVE-2022-34483
An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...
Design/Logic Flaw
The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution...
CVE-2021-40036
The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution...
katello Cross-site Scripting vulnerability
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
KLA12470 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in XSLT parameter processing can be exploited to cause denial ...
IPCOMM ipDIO Security Vulnerability
IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A code injection vulnerability exists in IPCOMM ipDIO that stems from the absence of a filter when loading certain sections of the Web application...
CVE-2021-22429
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...
TmaxSoft ToOffice Input Validation Error Vulnerability
TmaxSoft ToOffice is an office software from South Korea's TmaxSoft that guarantees compatibility with a wide range of document formats and the flexibility to cope with cloud environments based on open platforms. TmaxSoft ToOffice suffers from an input validation error vulnerability that can be...
rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source
A flaw was found in the way Bundler determined the source repository when installing dependencies of source-restricted gem packages. In configurations that use multiple gem repositories and explicitly define from which source repository certain gems are to be installed, a dependency of a...
CVE-2020-14521
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition...
CVE-2020-14521 Mitsubishi Electric Factory Automation Engineering Products Unquoted Search Path or Element
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition...
CVE-2020-14521
CVE-2020-14521 affects Mitsubishi Electric Factory Automation engineering software and is an unquoted search path or element vulnerability (CWE-428) that can lead to remote code execution with high impact. Public sources indicate affected Mitsubishi products span a wide range of engineering uti...
in star7th/showdoc
Description: There is a filter to prevent uploading php, HTML, and svg file types in the code snippet from line 115 to line 122 in AttachmentController.class.php: if (strstr(strip_tags(strtolower($uploadFile['name'])), ".php") || strstr(strip_tags(strtolower($uploadFile['name'])), ".htm") ||...