124 matches found
XSS-Payload-Generator
XSS-Payload-Generator user guide 0. This script is an XSS payl...
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
A redirect route rule like: ts routeRules: "/legacy/": redirect: "/" is intended to rewrite paths within the same host. Before the patch, an attacker could turn the rewrite into a cross-host redirect by sliding an extra slash in after the rule prefix. Example exploit: GET /legacy//evil.com Nitro...
Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways
We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...
CVE-2019-25554 Tomabo MP4 Converter 3.25.22 Denial of Service via Name Field
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when adding a preset i...
CVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
CVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
CVE-2022-50977
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP...
CVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50977
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP...
CVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
CVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
CVE-2022-50980
CVE-2022-50980 affects Innomic VibroLine VLX and avibia AVLX devices. Affected component is the CAN bus configuration handling, where an unauthenticated adjacent attacker can switch between multiple configuration presets, potentially disrupting operations. The root cause is unauthenticated access...
CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
EUVD-2022-55957
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
EUVD-2022-55956
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
CVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus RS485...
EUVD-2022-55955
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
CVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...