Code injection

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVE-2022-23046

CVE-2022-23046 : PhpIPAM v1.4.4 enables an authenticated admin to inject SQL via the subnet parameter when searching in app/admin/routing/edit-bgp-mapping-search.php. Root cause is SQL injection reachable through the subnet field with authenticated access, potentially exposing database informatio...

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

CVE-2021-23842 Use of Hard-coded Cryptographic Key

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and...

phpIPAM SQL注入漏洞

phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A SQL injection vulnerability exists in PhpIPAM v1.4.4, which originates from an authenticated administrator user being able to insert SQL statements in the subnet parameter when searching for subnets via...

Vpn Plugin replacing destination IP with 0.0.0.0 for the 172.16.0.0/16 subnet - Spoofed IP to original IP.

ADC - While using VPN Plugin to access intranet resources, addresses for the subnet 172.16.0.0/16 are replaced by spoofed IP with a message similar to this: "Replaced the spoofed ip 172.16.10.10to original IP 0.0.0.0 in ICMP packet" And the traffic never reaches the destination...

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

Information disclosure

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

CVE-2021-3791

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password...

Fortinet FortiOS Default Configuration Vulnerability

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol LDAP server...

CVE-2021-31371

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the...

Information disclosure

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an QFX5000 Series switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the...

Juniper Networks Junos OS 信息泄露漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. An information disclosure vulnerability exists in Juniper Networks Junos OS that originates from Juniper...

CVE-2021-33716

A vulnerability has been identified in SIMATIC CP 1543-1 incl. SIPLUS variants All versions V3.0, SIMATIC CP 1545-1 All versions V1.1. An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext...

CVE-2021-33716

The CVE-2021-33716 issue affects Siemens SIMATIC CP 1543-1 (incl. SIPLUS variants) and CP 1545-1. Affected versions: CP 1543-1 before v3.0 and CP 1545-1 before v1.1. Root cause: cleartext storage of sensitive information that can be retrieved by an attacker with subnet access. Impact: exposure of...

CVE-2021-33716

A vulnerability has been identified in SIMATIC CP 1543-1 incl. SIPLUS variants All versions V3.0, SIMATIC CP 1545-1 All versions V1.1. An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext...

PT-2021-20292 · Siemens · Simatic Cp 1545-1 +1

Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1543-1 incl. SIPLUS variants versions prior to V3.0 SIMATIC CP 1545-1 versions prior to V1.1 Description: A vulnerability has been identified that allows an attacker with access to the subnet of the affected device to retrieve...

Siemens SIMATIC CP (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP 1543-1 incl. SIPLUS variants and SIMATIC CP 1545-1 Vulnerability: Cleartext Storage of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to...

ISC BIND Winsock API Vulnerability (CVE-2013-6230) - Windows

ISC BIND is prone to a vulnerability in the Winsock API. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...