321 matches found
CVE-2023-24709
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters...
CVE-2023-24709
Paradox Security Systems IPR512 contains a Denial of Service vulnerability (CVE-2023-24709) in the web panel due to handling of login.html and login.xml parameters. Attackers can crash the login page, as demonstrated by PoC/exploit material tied to the IPR512, with no publicly documented fix in t...
Cybersecurity health and how to stay ahead of attackers with Linda Grasso
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Linda Grasso, the...
Cybersecurity health and how to stay ahead of attackers with Linda Grasso
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Linda Grasso, the...
Bosch Security Systems B420 安全漏洞
Bosch Security Systems B420 is an Ethernet communication module from Bosch Security Systems, USA. A security vulnerability exists in Bosch Security Systems B420 version 02.02.0001. An attacker who exploits this vulnerability could gain access to their device by being on the same network as a...
Exploit for Code Injection in Paradox Ipr512_Firmware
Injection vulnerability in Paradox Security Systems IPR512 - C...
Exploit for Code Injection in Paradox Ipr512_Firmware
Injection vulnerability in Paradox Security Systems IPR512 - C...
Exploit for Code Injection in Paradox Ipr512_Firmware
Injection vulnerability in Paradox Security Systems IPR512 - C...
fabuloushaircosmetics.nl Cross Site Scripting vulnerability OBB-3132240
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Code injection
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
Arbitrary file deletion
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-31322
The CVE-2022-31322 entry affects Penta Security Systems’ WAPPLES, specifically version 6.0 r3 with 4.10-hotfix1. The vulnerability allows privilege escalation by overwriting files using SUID-enabled executables. Root cause and affected component: SUID flagged executables enabling local privilege ...
CVE-2022-31322
Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables...
CVE-2022-31324
CVE-2022-31324 (WAPPLES) : A vulnerability in Penta Security Systems Inc WAPPLES (version 6.0 r3 4.10-hotfix1) within the downloadAction() function allows an attacker to download arbitrary files via a crafted POST request. This is stated across multiple sources (NVD, Red Hat advisory, CVE lists) ...
CVE-2022-31324
An arbitrary file download vulnerability in the downloadAction function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request...
CVE-2022-35582
CVE-2022-35582 pertains to Penta Security WAPPLES (versions 4.0., 5.0.0. , 5.0.12.*) with an Incorrect Access Control flaw: the OS includes a built-in non-privileged user named ‘penta’ with a predefined password, whose existence and credentials are not documented. This enables potential unauthori...
Penta Security Systems WAPPLES 信任管理问题漏洞
Penta Security Systems WAPPLES is a logical Web application firewall from Penta Security Systems, India. A security vulnerability exists in Penta Security Systems WAPPLES v6.0 r3 version 4.10-hotfix1, which originated from a vulnerability that allows an attacker to elevate privileges by overwriti...
Penta Security Systems WAPPLES 安全漏洞
Penta Security Systems WAPPLES is a logical Web application firewall from Penta Security Systems, India. A security vulnerability in Penta Security Systems WAPPLES v6.0 r3 version 4.10-hotfix1, which originates from an arbitrary file download vulnerability in the downloadAction function, allows a...
PT-2022-20686 · Penta Security Systems Inc · Wapples
Name of the Vulnerable Software and Affected Versions: Penta Security Systems Inc WAPPLES version 6.0 r3 4.10-hotfix1 Description: The issue allows attackers to escalate privileges via overwriting files using SUID flagged executables. Recommendations: For Penta Security Systems Inc WAPPLES versio...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root
SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com https://www.se.com/ww/en/product/5200WHC2/home-controller-spacelogic-cbus-cbus-ip-free-standing-24v-dc/...