23 matches found
CVE-2025-10573
Ivanti Endpoint Manager is affected by CVE-2025-10573 (Stored XSS) in versions before 2024 SU4 SR1. The vulnerability allows an unauthenticated attacker to inject JavaScript in the administrator session via crafted device scan data, requiring user interaction to trigger the payload. Several conne...
Ivanti Endpoint Manager 数据伪造问题漏洞
Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti USA. A data forgery issue vulnerability exists in versions prior to Ivanti Endpoint Manager 2024 SU4 SR1 that stems from improper cryptographic signature validation and could lead to remote code execution...
OneVision Workspace 安全漏洞
OneVision Workspace is a software solution for automating PDF workflows from OneVision. A security vulnerability exists in OneVision Workspace versions prior to WS23.1 SR1, which originates from allowing the execution of arbitrary Java EL expressions...
SolarWinds Platform 2024.1 SR1 - Race Condition
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...
BeyondTrust Privilege Management Security Vulnerability
BeyondTrust Privilege Management is the BeyondTrust Privilege Management tool for Windows and Mac SaaS from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management Windows versions prior to 5.7 SR1, which stems from the possibility of bypassing publisher application...
CVE-2023-5523
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution...
CVE-2023-2325
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document...
PT-2023-32154 · M Files · M-Files Web Companion
Name of the Vulnerable Software and Affected Versions: M-Files Web Companion versions prior to 23.10 M-Files Web Companion LTS Service Release Versions prior to 23.8 LTS SR1 Description: The issue is related to insufficient blacklisting in M-Files Web Companion, allowing Remote Code Execution via...
CVE-2013-1593
A Denial of Service vulnerability exists in the WRITEC function in the msgserver.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN...
Rockwellautomation Rslinx Integer Overflow or Wraparound
Rockwell Automation RSLinx Enterprise Software LogReceiver.exe CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a...
Rockwellautomation Rslinx Out-of-bounds Read
Rockwell Automation RSLinx Enterprise Software LogReceiver.exe CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram...
CVE-2013-2806
Rockwell Automation RSLinx Enterprise Software LogReceiver.exe CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a...
CVE-2013-2806
Rockwell Automation RSLinx Enterprise Software LogReceiver.exe CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a...
CVE-2019-1766 Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability
A vulnerability in the web-based management interface of Session Initiation Protocol SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service DoS condition. The vulnerability exists because the...
CVE-2017-1000357
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 Lithium-SR3, 3.4 Lithium-SR4, 4.0...
CVE-2015-1916
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...
CVE-2015-1916
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...
Autodesk VRED contains an unauthenticated remote code execution vulnerability
Overview Autodesk VRED contains an unauthenticated remote code execution vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection': Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability...
CVE-2012-4715
Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a UDP packet with a certain integer...
CVE-2012-4714
Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform FTSP CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service service outage or RNADiagReceiver.exe daemon crash via UDP data th...