11967 matches found
Moxa NPort Plain Text Storage of Passwords (CVE-2016-9348)
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...
Package Manager Packages Report (Windows)
Reports details about packages installed via package managers. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(179138); script_version("1.1"); script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/29"); script_name(english:"Package Manager Packages Report...
Jenkins plugins Multiple Vulnerabilities (2023-03-21)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Medium Permissions in Jenkins can be enabled and disabled. Some permissions are disabled by default, e.g., Overall/Manage or Item/Extended...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
CVE-2023-27163 PoC CVE-2023-27163, SSRF, request-baskets h...
CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)
Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI) Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...
CVE-2023-22040
...
CVE-2023-22039
...
CVE-2023-22022
...
CVE-2023-22020
...
CVE-2023-22009
...
CVE-2023-22004
...
OSV-2023-573 Negative-size-param in check_content_type_and_change_protocol
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60605 Crash type: Negative-size-param Crash state: check_content_type_and_change_protocol process_response ndpi_check_http_tcp...
Rockwell Automation 1756 EN2 and 1756 EN3 Denial of Service Vulnerabilities
Rockwell Automation 1756 is a scalable controller solution from Rockwell Automation. It is capable of addressing a large number of I/O points. A denial of service vulnerability exists in Rockwell Automation 1756 EN2 and 1756 EN3, which arises from a failure to properly handle incoming error...
Basic Inventory Stock Management And Invoicing 2.0 Insecure Direct Object Reference
Title: Basic Inventory - Stock Management and Invoicing v2.0 Missing Authorization Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro...
Archon CMS 3.14 Cross Site Scripting
Title: Archon CMS V3.14 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor:...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS) Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1. Login in demo page, go to this url...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
[SECURITY] Fedora 38 Update: sysstat-12.7.4-1.fc38
The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, pidstat, cifsiostat and sa tools for Linux. The sar command collects and reports system activity information. The information collected by sar can be saved in a file in a binary format for future inspection. The statistics...
CVE-2023-3117
Rejected reason: Duplicate of CVE-2023-3390...
CVE-2023-34256 affecting package kernel 5.10.183.1-1
CVE-2023-34256 affecting package kernel 5.10.183.1-1. A patched version of the package is available...