89 matches found
CVE-2016-9154
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...
Design/Logic Flaw
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...
CVE-2016-9154
Siemens Desigo PX Web modules (PXA40-W0/W1/W2; PXA30-W0/W1/W2 for PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U) are affected by CVE-2016-9154. The root cause is a pseudo-random number generator with insufficient entropy used to generate HTTPS certificates, enabling a r...
CVE-2016-9154
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D All firmware versions V6.00.046 and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U All...
Siemens Patches Insufficient Entropy Vulnerability in ICS Systems
German industrial giant Siemens has provided a firmware update addressing vulnerabilities that are found in a popular line of its Desigo PX industrial control hardware used in controlling primarily HVAC systems in commercial buildings . On Wednesday, Siemens, in coordination with ICS-CERT, issued...
Entropy Insufficiency Vulnerability in Pseudo-Random Number Generation in SIEMENS Desigo PX Web Module
SIEMENS Building Automation Systems Desigo PX programmable automation station offers a flexible solution with the ability to signal alarms, time-based logging programs and trends that can be modified or expanded at any time. An entropy insufficiency vulnerability exists in the pseudo-random numbe...
Siemens Desigo PX Web Module Insufficient Entropy Vulnerability
OVERVIEW Siemens has released a firmware update to mitigate an insufficient entropy vulnerability that affects Siemens Desigo PX Web modules. Marcella Hastings, Joshua Fried, and Nadia Heninger from the University of Pennsylvania coordinated this vulnerability directly with Siemens. This...
CuuMall免费开源商城系统 sql多处注入
简要描述: CuuMall免费开源商城系统 sql多处注入 详细说明: 直接看代码: SearchAction.class.php71-109: public function Exsearch $pinpai = $POST'pinpai'; $pr1 = $POST'pr1'; $pr2 = $POST'pr2'; $keyword = $POST'keyword'; if $pinpai == 0 $pinpai = ""; if $pinpai != "" $sql1 = "pinpai=".$pinpai." and "; else $sql1 = ""; if $pr1 !=...
CVE-2014-2955
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...
Authentication flaw
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...
CVE-2014-2955
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password...
CVE-2014-2955
CVE-2014-2955 affects Raritan PX power distribution software (DPXR20A-16) prior to version 1.5.11. The vulnerability arises in cipher suite 0 (cipher zero) used during IPMI authentication, allowing remote attackers to bypass authentication and execute arbitrary IPMI commands. Impact is remote una...
Raritian PX power distribution software is vulnerable to the cipher zero attack.
Overview Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 aka cipher zero and an arbitrary password. Description CWE-287: Improper...
Raritan PX IPMI Disclosure
Vulnerability: Raritan PX power distribution software contains several well known IPMI vulnerabilities, e.g. - ipmi zero cipher - ipmi dump hash passwords Details: E.g. Model DPXR20A-16: Software release all before and including 01.05.08 recent version from october 2013 ipmitool -I lanplus -C 0 -...
Easy Px 41 CMS 09.00.00B1 - (fiche) Local File Inclusion Vulnerability
No description provided by source. Easy Px 41 CMS v09.00.00B1 fiche Local File Include Exploit D.Script: http://www.easy-script.com/scripts-dl/EPX41v9.zip Discovered by: ThE g0bL!N Greetz To: ALL My Friend dz Exploit: /path/?view=LivreDor&fiche=../../../../../../../../etc/passwd%00 Demo...
IPMI Cipher Suite 0 (Cipher Zero) Authentication Bypass Vulnerability (IPMI Protocol)
Intelligent Platform Management Interface IPMI services are prone to an authentication bypass vulnerability through the use of cipher suite 0 aka cipher zero. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2009-1847
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the fiche parameter...
Directory traversal
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the fiche parameter...
CVE-2009-1847
Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B1 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the fiche parameter...
CVE-2009-1847
CVE-2009-1847 affects Easy PX 41 CMS 9.0 B1, with a vulnerability in index.php that allows directory traversal via the fiche parameter, enabling remote inclusion/execution of local files. The provided documents do not specify affected subversions beyond the product/version, nor a patch or workaro...