
17 matches found

Tenable Nessus
added 2024/11/15 12:0 a.m. | 16 views

Palo Alto Networks PAN-OS 10.1.x < 10.1.14 / 10.2.x < 10.2.4-h6 / 11.0.x < 11.0.5 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14 or 10.2.x prior to 10.2.4-h6 or 11.0.x prior to 11.0.5. It is, therefore, affected by a vulnerability. A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an...

8.7 CVSS | 7.4 AI score | 0.0031 EPSS
Exploits 0 | References 2
Prion
added 2023/01/18 1:15 a.m. | 10 views

Input validation

Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the servicestart, servicestop, and servicerestart modules of the software. This could allow an attacker to start, stop, or restart arbitrary...

4.7 CVSS | 7.2 AI score | 0.00224 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2023/01/18 12:0 a.m. | 1 views

Sewio Real-Time Location System (RTLS) Studio Input Validation Error Vulnerability

Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An input validation error vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which stems from susceptibility to incorrect input validation of user input to th...

6.5 CVSS | 6.5 AI score | 0.00224 EPSS
Exploits 0 | References 2
Cvelist
added 2022/09/28 1:45 p.m. | 17 views

CVE-2022-22524 SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services...

9.4 CVSS | 9.6 AI score | 0.01276 EPSS
Exploits 0 | References 1
OSV
added 2022/06/29 5:15 p.m. | 1 views

CVE-2017-20120

A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...

8.8 CVSS | 4.8 AI score | 0.0013 EPSS
Exploits 0 | References 2
Hive Pro Threat Advisories
added 2022/03/25 2:16 p.m. | 220 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chrome's web browser. The attack mainly targe...

9.1 AI score | 0.49 EPSS
Exploits 0
CNNVD
added 2021/09/07 12:0 a.m. | 1 views

Fortinet FortiSandbox Input Validation Error Vulnerability

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. An input validation error vulnerability exists in Fortinet FortiSandbox, which...

5.5 CVSS | 5.6 AI score | 0.00402 EPSS
Exploits 0 | References 4
Debian CVE
added 2021/06/24 1:18 p.m. | 23 views

CVE-2021-29951

The Mozilla Maintenance Service granted SERVICESTART access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

6.5 CVSS | 5.7 AI score | 0.00531 EPSS
Exploits 0
CNVD
added 2020/10/08 12:0 a.m. | 1 views

Denial of Service Vulnerability in Schneider PLC-M340

The Schneider-Electric M340 PLC is a high performance and stable controller for a wide range of industrial control applications. A denial of service vulnerability exists in the Schneider PLC-M340, which can be exploited by an attacker to cause the device's CPU RUN light to go out, the CPU module,...

6.7 AI score
Exploits 0
CNVD
added 2020/07/29 12:0 a.m. | 2 views

CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43143)

CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxdashboard.php file not...

10 CVSS | 8 AI score | 0.33674 EPSS
Exploits 0 | References 1
OSV
added 2020/07/28 5:15 p.m. | 0 views

CVE-2020-15609

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the servicestop parameter, the proces...

9.8 CVSS | 7.6 AI score
Exploits 0 | References 1
CNVD
added 2020/05/15 12:0 a.m. | 1 views

Opto 22 SoftPAC Project Authorization Issues Vulnerability

Opto 22 SoftPAC Project is an automation software suite from Opto 22 USA. The product is capable of providing industrial automation, process control, building automation, remote monitoring, data acquisition and industrial IoT. An authorization issue vulnerability exists in Opto 22 SoftPAC Project...

9.8 CVSS | 7 AI score | 0.0028 EPSS
Exploits 0 | References 1
Carbon Black Blog
added 2020/02/12 1:25 a.m. | 291 views

VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis

Ryuk Ransomware has been crippling both the public and private sector recently with the ability to disrupt its target environment. The ransomware will typically be dropped by an already compromised system that has been infected by Trickbot or Emotet through a phishing email. Once the Ryuk payload...

7.6 AI score
Exploits 0
CNVD
added 2017/11/22 12:0 a.m. | 2 views

EMC ScaleIO MDM, SDS and LIA Denial of Service Vulnerabilities

EMC ScaleIO is a software-defined solution for converting DAS storage to shared data block storage from EMC Corporation, U.S.A. MDM, SDS, and LIA are among the message resolvers. A denial of service vulnerability exists in MDM, SDS, and LIA in EMC ScaleIO version 2.0.1.x. The vulnerability can be...

7.5 CVSS | 6.7 AI score | 0.0275 EPSS
Exploits 1 | References 1
0day.today
added 2016/11/02 12:0 a.m. | 16 views

SunellSecurity NVR / Camera - Denial Of Service

Exploit for hardware platform in category dos / poc Exploit Title: SunellSecurity NVR / Cams - Buffer overflow in CGI Date: 11.2.2016 Exploit Author: qwsj Vendor Homepage: https://github.com/qwsj Version: 1.6.08-09 / 2.0.06-08 Tested on: Windows / Linux Bug in CGI scrypt's for develop. Web servic...

7 AI score
Exploits 0
Prion
added 2014/01/12 6:34 p.m. | 9 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service...

6.8 CVSS | 7.8 AI score | 0.00307 EPSS
Exploits 0 | References 3 | Affected Software 1
Tenable Nessus
added 2004/08/20 12:0 a.m. | 6 views

Linux Service Modification Service Stop (via Splunk)

Binary data 710021.prm...

7.3 AI score
Exploits 0