319 matches found
CVE-2019-0186
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...
CVE-2019-0186
Apache Pluto Chat Room Demo Portlet vulnerability CVE-2019-0186 is a Cross-Site Scripting (XSS) issue in versions 3.0.0 and 3.0.1. Attackers can inject HTML into the Name/Message fields, which is reflected in the page. Mitigation: uninstall the ChatRoomDemo WAR or upgrade to version 3.1.0. No exp...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version:...
Apache Pluto 3.0.0 / 3.0.1 Cross Site Scripting
Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...
CVE-2017-9626
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication...
CVE-2017-9626
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication...
CVE-2017-9626
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication...
Authentication flaw
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication...
CVE-2017-9626
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication...
CVE-2017-9626
CVE-2017-9626 affects Marel Pluto platform devices (Pluto-based applications) with improper access control that allowed unrestricted remote access. Connected sources confirm a Marel-generated update to restrict remote access by implementing SSH authentication, and ICS-CERT advisories describe thi...
ABB Pluto Manager Detection (Windows SMB Login)
Detects the installed version of ABB Pluto Manager for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Remote Code Execution (RCE)
openswan is vulnerable to remote code execution RCE attacks. The vulnerability exists through a buffer overflow issue in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service pluto...
CVE-2018-18995
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing...
Authentication flaw
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing...
Hardcoded credentials
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...
CVE-2018-18997
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...
CVE-2018-18995
CVE-2018-18995 affects ABB GATE-E1 and GATE-E2 Gateway Ethernet devices used in Pluto Safety PLC systems. The vulnerability is described as Missing Authentication for Critical Function : administration interfaces (Telnet/Web) accept no authentication, enabling an unauthenticated attacker to acces...
CVE-2018-18995
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authentication to be configured on administrative telnet or web interfaces, which could enable various effects vectors, including conducting device resets, reading or modifying registers, and changing...