EUVD-2021-14864

Malware in sbrugna...

CVE-2022-35292

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to...

CVE-2021-28174 Mitake Smart Stock Selection System - Broken Authentication

Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login...

CVE-2021-28171 Vangene deltaFlow E-platform - Broken Authentication

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie...

CVE-2021-28171

The CVE-2021-28171 entry concerns the Vangene deltaFlow E-platform. The vulnerability stems from improper protective measures that allow remote attackers to obtain privileged permissions by tampering with users’ cookie data. Affected component: cookie-based session/authorization data handling in ...

CVE-2021-22860

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary...

Design/Logic Flaw

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary...

CVE-2021-22860 EIC e-document system - Broken Authentication

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary...

Code injection

A vulnerability has been identified in SINUMERIK 828D V4.7 All versions V4.7 SP6 HF1, SINUMERIK 840D sl V4.7 All versions V4.7 SP6 HF5, SINUMERIK 840D sl V4.8 All versions V4.8 SP3. The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code...

Code injection

A vulnerability has been identified in SINUMERIK 828D V4.7 All versions V4.7 SP6 HF1, SINUMERIK 840D sl V4.7 All versions V4.7 SP6 HF5, SINUMERIK 840D sl V4.8 All versions V4.8 SP3. The integrated web server on port 4842/tcp of the affected products could allow a remote attacker to execute code...

CVE-2018-11458

A vulnerability has been identified in SINUMERIK 828D V4.7 All versions V4.7 SP6 HF1, SINUMERIK 840D sl V4.7 All versions V4.7 SP6 HF5, SINUMERIK 840D sl V4.8 All versions V4.8 SP3. The integrated VNC server on port 5900/tcp of the affected products could allow a remote attacker to execute code...

CVE-2016-10139

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of...