
5335 matches found

BDU FSTEC
added 2018/01/25 12:0 a.m., 5 views

The vulnerability of the CX-Programmer and micro-programming software of PLC Omron CJ2M and Omron CJ2H lies in the reversibility of the password encoding method. This allows attackers to obtain access passwords to the controllers.

The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, as well as Omron microcontrollers like CJ2M and CJ2H, is related to the reversibility of the password encoding method. Exploiting thi...

2.1 CVSS, 5.6 AI score, 0.00402 EPSS
Exploits 0, References 2, Affected Software 3

Mageia
added 2018/01/21 9:31 p.m., 50 views

Updated golang packages fix security vulnerabilities

An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It w...

9.8 CVSS, 2.5 AI score, 0.08944 EPSS
Exploits 0, References 2

CNVD
added 2018/01/17 12:0 a.m., 2 views

PrestaShop Cross-Site Scripting Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.2.4. A remote...

5.4 CVSS, 6.4 AI score, 0.00521 EPSS
Exploits 0, References 1

CNVD
added 2018/01/16 12:0 a.m., 0 views

YUNUCMS 1.0.6 Arbitrary File Deletion Vulnerability

YUNUCMS is a three-network, open source content management system with its own substation system. An arbitrary file deletion vulnerability exists in YUNUCMS version 1.0.6. An attacker can exploit the vulnerability by deleting install.lock to reload the source code, and can delete any file...

7.2 AI score
Exploits 0

0day.today
added 2018/01/16 12:0 a.m., 25 views

Kaseya VSA R9.2 Arbitrary File Read Vulnerability

A security vulnerability was found in the Kaseya VSA file download functionality. Using this vulnerability, an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server, including source code of Kaseya, the database backups, configuration files, and even...

7.1 AI score
Exploits 0

Packet Storm
added 2018/01/15 12:0 a.m., 27 views

Kaseya VSA R9.2 Arbitrary File Read

Arbitrary file read in Kaseya VSA. Kin Hung Cheng, Robert Hartshorn, May 2017...

7.1 AI score
Exploits 0

Kitploit
added 2018/01/13 8:38 p.m., 28 views

sdrtrunk - Tool For Decoding, Monitoring, Recording And Streaming Trunked Mobile And Related Radio Protocols Using Software Defined Radios (SDR)

A cross-platform Java application for decoding, monitoring, recording and streaming trunked mobile and related radio protocols using Software Defined Radios (SDR). Getting Started User's Manual Version 0.3.0 Download Support Figure 1: sdrtrunk Version 0.3.0 Application Screenshot End User...

7.5 AI score
Exploits 0, References 5

Prion
added 2018/01/13 5:29 a.m., 16 views

Code injection

PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages Edit page" screen...

3.5 CVSS, 5.2 AI score, 0.00521 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2018/01/13 5:29 a.m., 27 views

CVE-2018-5681

PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages Edit page" screen...

5.4 CVSS, 5.3 AI score, 0.00521 EPSS
Exploits 0, References 1

CVE
added 2018/01/13 5:0 a.m., 47 views

CVE-2018-5681

PrestaShop 1.7.2.4 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via the Source Code editing option on the Pages > Edit page screen. The issue is documented in CVE-2018-5681 with notes that the vulnerability exists in the 1.7.2.4 release and is disclosed by mu...

5.4 CVSS, 5.2 AI score, 0.00521 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2018/01/13 5:0 a.m., 28 views

CVE-2018-5681

PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages Edit page" screen...

5.3 AI score, 0.00521 EPSS
Exploits 0, References 1

Dsquare
added 2018/01/11 12:0 a.m., 159 views

WordPress ACF Frontend Display File Upload

File upload vulnerability in WordPress ACF Frontend Display plugin. Vulnerability Type: File Upload. For the exploit source code contact DSquare Security sales team...

7.1 AI score
Exploits 0

CNVD
added 2018/01/11 12:0 a.m., 3 views

DedeCMS V5.7 SP2 Has Arbitrary File Read Vulnerability

DedeCms (Weaving Dream content management system) is an open source PHP website management system. The filemanageview.php file in DedeCMS V5.7 SP2 has an arbitrary file read vulnerability; attackers can use the vulnerability to obtain the site source code...

6.9 AI score
Exploits 0

Dsquare
added 2018/01/10 12:0 a.m., 194 views

WordPress Service Finder Booking File Disclosure

File disclosure vulnerability in Service Finder Booking plugin. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...

6.8 AI score
Exploits 0

Hacker One
added 2018/01/04 4:7 a.m., 38 views

Cloudflare: // (double slash) inside es6 template literals interpreted as an inline comment by the auto-minifier

The following is valid javascript: var a = //; So is this: var url = https://hackerone.com; However, Cloudflare's auto-minifier removes the parts of both lines including and after the //, meaning in production, they look like this: var a = var url = https: This can either straight up break or...

6.8 AI score
Exploits 0

Hacker One
added 2018/01/02 5:2 p.m., 36 views

Snapchat: Bitmoji source code is accessible

hi team, I'm starting my research on snapchat by scanning all sub-domains on all the domains in-scope: snapchat.com, bitmoji.com, etc. Let's look at one of the urls, https://rendering-service.prod.us-east.bitstrips.com/ When I request GET https://rendering-service.prod.us-east.bitstrips.com/ The...

0.6 AI score
Exploits 0

Fedora
added 2017/12/29 6:45 p.m., 27 views

[SECURITY] Fedora 27 Update: global-6.5.7-4.fc27

GNU GLOBAL is a source code tag system that works the same way across diverse environments. It supports C, C++, Yacc, Java, PHP and assembler source code...

8.8 CVSS, 2.4 AI score, 0.01228 EPSS
Exploits 0

Prion
added 2017/12/20 6:29 p.m., 11 views

Path traversal

Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary...

5.5 CVSS, 5.8 AI score, 0.01372 EPSS
Exploits 0, References 2, Affected Software 1

Hacker One
added 2017/12/17 10:29 p.m., 45 views

Uber: Configuration and/or source code files on uchat-staging.uberinternal.com can be viewed without OneLogin SSO Authentication

Summary: Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact: Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...

5 CVSS, 6.3 AI score, 0.02856 EPSS
Exploits 1

Hacker One
added 2017/12/17 12:36 a.m., 35 views

Uber: It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without

Summary: Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact: Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...

5 CVSS, 6.3 AI score, 0.02856 EPSS
Exploits 1