EUVD-2017-15926
Malware in sbrugna...
EUVD-2017-15927
Malware in sbrugna...
EUVD-2019-5208
Malware in sbrugna...
EUVD-2024-35896
Malicious code in bioql PyPI...
EUVD-2025-14848
Malicious code in bioql PyPI...
EUVD-2025-14849
Malicious code in bioql PyPI...
CVE-2024-36140
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later execut...
CVE-2019-13941
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific...
CVE-2025-26390
A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrato...
CVE-2025-26389
A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the exportDiagramPage endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with roo...
CVE-2025-26390
The CVE-2025-26390 entry concerns Siemens OZW672 and OZW772 web servers vulnerable to SQL injection during authentication checks. Affected versions are OZW672 and OZW772 prior to V6.0; exploitation could allow an unauthenticated remote attacker to bypass authentication and log in as Administrator...
CVE-2025-26389
Siemens OZW672 and OZW772 web servers (embedded in affected devices) prior to V8.0 are vulnerable. The exportDiagramPage endpoint does not sanitize input parameters, enabling an unauthenticated remote attacker to execute arbitrary code with root privileges over the network. Affected versions: OZW...
Siemens OZW672 and Siemens OZW772 SQL Injection Vulnerability
The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...