CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`)

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

PT-2024-31591 · Hoverfly · Hoverfly

Name of the Vulnerable Software and Affected Versions: Hoverfly affected versions not specified Description: The /api/v2/simulation POST handler in Hoverfly allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read...

Hyperledger Indy's update process of a DID does not check who signs the request

Name Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. Description A malicious DID with no particular role can ask an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

Real POC published https://github.com/ynwarcs/CVE-2024-38063 and...

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

Real POC published https://github.com/ynwarcs/CVE-2024-38063 and...

Living off the land with Bluetooth PAN

TL:DR Bluetooth is enabled by default on the majority of Windows laptops Bluetooth PAN can be used to bridge connections locally between a client laptop and attacking device Attackers can use Microsoft native SSH client to forward out internal network traffic Windows native SSH is accessible to...

Siemens Simcenter Femap Out-of-Bounds Write Vulnerability (CNVD-2024-31241)

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. An out-of-bounds write vulnerability exists in Siemens Simcenter Femap, which can be...

Siemens Simcenter Femap Out-of-Bounds Read Vulnerability

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap suffers from an out-of-bounds read vulnerability that can be...

Siemens OPC UA Server Denial of Service Vulnerability in Various Industrial Products

SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system.SIMATIC IPC DiagBase diagnostic software provides early identification of any potential faults on SIMATIC industrial controllers and helps to avoid or reduce system downtime.SIMATIC IPC...

CVE-2024-39595

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting XSS vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause lo...

CVE-2024-39594

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the...

CVE-2024-39594

The CVE-2024-39594 entry concerns SAP Business Warehouse - Business Planning and Simulation, where the application fails to sufficiently encode user-controlled inputs, causing a Reflected Cross-Site Scripting (XSS) vulnerability. The root cause is insufficient input encoding in the affected compo...

CVE-2024-39594 [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the...

Siemens SIMATIC 安全漏洞

SIMATIC Energy Manager provides users with a scalable, non-industry-specific energy data management system.SIMATIC IPC DiagBase diagnostic software provides early identification of any potential faults on SIMATIC industrial controllers and helps to avoid or reduce system downtime.SIMATIC IPC...

PT-2024-9861 · Sap · Sap Business Warehouse - Business Planning/Simulation

Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse - Business Planning and Simulation affected versions not specified Description: The issue is related to insufficient encoding of user-controlled inputs in the SAP Business Warehouse - Business Planning and Simulation...

PT-2024-9880 · Sap · Sap Business Warehouse - Business Planning/Simulation

Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse - Business Planning and Simulation affected versions not specified Description: The issue is related to Stored Cross-Site Scripting XSS due to insufficient encoding of user-controlled inputs. This allows users to modify...

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the lack of a mechanism for converting data types, allowing attackers to execute arbitrary code.

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the lack of a mechanism for converting data types. Exploiting this vulnerability allows attackers to execute arbitrary code using a specially created...

The vulnerability of the analyzer in the MODEL software environment of the simulation modeling tool for systems and processes in Siemens Tecnomatix Plant Simulation allows a perpetrator to execute arbitrary code.

The vulnerability of the MODEL analyzer in the Siemens Tecnomatix Plant Simulation software environment relates to writing beyond buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted MODEL file...

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...

CVE-2021-47618

In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, before executing...