PT-2022-17794 · Microsoft · Exchange Server +1

Name of the Vulnerable Software and Affected Versions: poi-scratchpad versions 5.2.0 and prior versions Description: A shortcoming in the HMEF package of poi-scratchpad allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files, which are associated with...

Folders Disclosure via Outdated jQueryFileTree Library

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server PoC curl...

Folders Disclosure via Outdated jQueryFileTree Library

The plugins are using the admin-page-framework framework which is shipped with the outdated and no longer maintained library jQueryFileTree known to be affected by a path traversal issue, allowing unauthenticated attackers to disclose the folder structure of the web server curl...

WordPress RW Divi Unite Gallery plugin <= 1.0 - Security Bypass vulnerability via Outdated Freemius

Security Bypass vulnerability via Outdated Freemius discovered by 0xdecafbad in WordPress RW Divi Unite Gallery plugin versions = 1.0. Solution Deactivate and delete. This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full...

RW Divi Unite Gallery <= 1.0 - Security Bypass via Outdated Freemius

The plugin is vulnerable to a security bypass due to the use of a known vulnerable component, Freemius 2.2.4. The plugin uses Freemius 1.0.0 and is therefore vulnerable. The core issue that causes the vulnerability is in the setdboption function, which is exposed to any authenticated user with no...

GHSA-HV53-VF5M-8Q94 personnummer/go vulnerable to Improper Input Validation

This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

On the Irish Health Services Executive Hack

A detailed report of the 2021 ransomware attack against Ireland’s Health Services Executive lists some really bad security practices: The report notes that: The HSE did not have a Chief Information Security Officer CISO or a “single responsible owner for cybersecurity at either senior executive o...

CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

Code injection

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

CVE-2021-40363

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PCS 7 V8.2 All versions, SIMATIC PCS 7 V9.0 All versions, SIMATIC PCS 7 V9.1 All versions V9.1 SP1, SIMATIC WinCC V15 and earlier All versions V15 SP1 Update 7, SIMATIC WinCC V16 All versions V16 Update 5, SIMATIC WinCC V17 All versions V17 Update 2,...

CVE-2021-40363

CVE-2021-40363 affects Siemens SIMATIC PCS 7 and WinCC products. The underlying issue is that the affected component stores local system account credentials in a publicly accessible project file using an outdated cipher algorithm, enabling an attacker to brute-force credentials and take over the ...

PT-2022-4093 · Siemens · Simatic Pcs 7 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS 7 versions V8.2 through V9.1 SIMATIC WinCC versions V7.4 through V7.5 SIMATIC WinCC versions V15 through V17 Description: The issue is related to a potential information leak about files and directories. An attacker may exploit th...

EcoStruxure Geo SCADA Expert 加密问题漏洞

EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable Supervisory Control and Data Acquisition SCADA Software A security vulnerability exists in EcoStruxure Geo SCADA Expert that stems from the fact that communication with the server may not be encrypted when using an outdated...

WAGO 750-8xxx PLC Denial Of Service / User Enumeration Vulnerability

WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 v03.08.08 suffer from denial of service and user enumeration vulnerabilities. ======================================================================= title: Denial of service & User Enumeration product: WAGO 750-8xxx PLC vulnerable version:...

WAGO 750-8xxx PLC Denial Of Service / User Enumeration

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service & User Enumeration product: WAGO 750-8xxx PLC vulnerable version: Firmware 20 Patch 1 v03.08.08 fixed version: Firmware 20 Patch 1 v03.08.08 CVE number:...

CVE-2021-45671

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82,...

MediaWiki 跨站脚本漏洞

MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki 1.37 and earlier versions, which stems from th...