PT-2018-13: Command Injection in PHOENIX CONTACT FL SWITCH
The specialists of the Positive Research center have detected a Command Injection vulnerability in PHOENIX CONTACT FL SWITCH. Vulnerability in Phoenix Contact managed FL SWITCH allows attackers to inject and execute arbitrary OS commands. How to fix: Update firmware to the latest version. Advisory...
PT-2018-12: Information Disclosure in PHOENIX CONTACT FL SWITCH
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in PHOENIX CONTACT FL SWITCH. Vulnerability in Phoenix Contact managed FL SWITCH allows unauthenticated attackers to read the configuration file. How to fix: Update firmware to the latest version...
PT-2017-55: Denial of Service in Suricata
The specialists of the Positive Research center have detected a Denial of Service vulnerability in Suricata. Vulnerability in DetectEngineContentInspection in Suricata allows attackers to trigger lots of redundant checks on the content of crafted network traffic resulting in a denial of service...
PT-2018-32: Arbitrary Code Execution in NCR S1
The specialists of the Positive Research center have detected an Arbitrary Code Execution vulnerability in NCR S1. Vulnerability in the NCR S1 Dispenser controller, related to insufficient protection of the memory write mechanism, allows unauthenticated, remote attackers to execute arbitrary code...
PT-2018-19: Authorization Bypass in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
The specialists of the Positive Research center have detected an Authorization Bypass vulnerability in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200. Vulnerability allows attackers to bypass authorization using requests to CGI functions. How to fix: Use the...
PT-2018-15: Arbitrary Code Execution in Schneider Electric's Modicon Quantum
The specialists of the Positive Research center have detected an Arbitrary Code Execution vulnerability in Schneider Electric's Modicon Quantum. A vulnerability allows attackers to execute arbitrary code, cause a denial of service, or load a malicious firmware via an FTP command used to upgrade t...
PT-2018-17: Information Disclosure in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200. Hash collisions in algorithms used for password encryption allow attackers to obtain passwords. How to fix...
PT-2018-09: Code Injection in Ipswitch WhatsUp Gold
The specialists of the Positive Research center have detected a Code Injection vulnerability in Ipswitch WhatsUp Gold. A code injection vulnerability in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold allows attackers to execute arbitrary commands and code on the WhatsUp Gold server via a specially...
PT-2018-08: SQL injection in Ipswitch WhatsUp Gold
The specialists of the Positive Research center have detected an SQL injection vulnerability in Ipswitch WhatsUp Gold. SQL injection vulnerability in Ipswitch WhatsUp Gold, due to insufficient validation of user input on some .ASP pages, allows attackers to execute arbitrary SQL commands and obta...
PT-2018-43: XXE Injection in SAP Business Process Automation by Redwood
The specialists of the Positive Research center have detected an XXE Injection vulnerability in SAP Business Process Automation by Redwood. A vulnerability in SAP Business Process Automation (BPA), due to insufficient validation of XML documents accepted from untrusted sources, allows attackers to...
PT-2018-44: Directory Traversal in SAP Business Process Automation by Redwood
The specialists of the Positive Research center have detected a Directory Traversal vulnerability in SAP Business Process Automation by Redwood. A directory traversal vulnerability in SAP Business Process Automation (BPA), due to insufficient validation of path information provided by users, allows...
PT-2018-42: Information Disclosure in SAP NetWeaver System Landscape Directory
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in SAP NetWeaver System Landscape Directory. A vulnerability in SAP NetWeaver System Landscape Directory allows attackers to obtain information about the intranet via port scanning. How to fix Us...
PT-2017-08: Information Exposure in Hirschmann Automation and Control GmbH Classic Platform Switches
The specialists of the Positive Research center have detected an Information Exposure vulnerability in Hirschmann Automation and Control GmbH Classic Platform Switches. An information exposure through query strings vulnerability in the web interface of Belden Hirschmann RS, RSR, RSB, MACH100,...
PT-2018-40: Stored XSS in SAP NetWeaver Development Infrastructure Cockpit
The specialists of the Positive Research center have detected a Stored XSS vulnerability in SAP NetWeaver Development Infrastructure Cockpit. A stored cross-site scripting (XSS) vulnerability in the '/nwdicockpit/srv/data/userprefs' component in SAP NetWeaver Development Infrastructure Cockpit allo...
PT-2017-04: Security Restrictions Bypass in Kaspersky Embedded Systems Security
The specialists of the Positive Research center have detected a Security Restrictions Bypass vulnerability in Kaspersky Embedded Systems Security. Vulnerability in the Application Control component of Kaspersky Embedded Systems Security allows attackers to gain privileges and execute arbitrary...
PT-2016-37: Information Disclosure in Intel
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Intel. Vulnerability in BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors allows attackers with physical access to the system to obtain sensitive information. How to f...
PT-2016-17: Cross-Site Scripting in SAP NetWeaver
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in SAP NetWeaver. Reflected cross-site scripting in the "/com.sap.portal.themes.styleservice.LockingTestPortalComponent" component allows remote attackers to inject arbitrary HTML tags including...
PT-2016-21: Cross-Site Scripting in SAP NetWeaver
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in SAP NetWeaver. Reflected cross-site scripting in the "/com.sap.portal.themes.integrity.personalization", "/com.sap.portal.themes.integrity.url",...
PT-2016-39: Information Disclosure in StruxureWare Data Center Expert
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in StruxureWare Data Center Expert. Vulnerability in StruxureWare Data Center Expert allows attackers to obtain product passwords in cleartext by reading random access memory (RAM). How to fix: Upda...
PT-2016-07: Unauthorized Access in Vesta Control Panel
The specialists of the Positive Research center have detected an Unauthorized Access vulnerability in Vesta Control Panel. The directory /web/filemanager/ contains scripts that perform file manager operations in the control panel. The script files.php lacks an active user session check, which allows...