54 matches found
Command injection
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
CVE-2022-46306 ChangingTec ServiSign - Path Traversal
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files...
CVE-2022-46306
CVE-2022-46306 affects ChangingTec ServiSign. The vulnerability is a path traversal caused by insufficient filtering of special characters in the DLL file path, enabling an unauthenticated attacker to host a malicious website that causes the component to load arbitrary DLL files, potentially enab...
CVE-2022-46306 ChangingTec ServiSign - Path Traversal
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files...
Code injection
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the...
CVE-2022-41675 TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Formula Injection
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the...
CVE-2022-26674
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service...
Mitsubishi Electric GOT products (CVE-2021-20601)
Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote...
CVE-2021-20601
Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote...
in frangoteam/fuxa
✍️ Description This endpoint handler performs a file system operation and does not use a rate-limiting mechanism. 🕵️♂️ Proof of Concept fs.writeFileSyncruntime.settings.userSettingsFile, JSON.stringifyreq.body, null, 4; mergeUserSettingsreq.body; res.end; FIx Consider using a rate-limiting...
Information disclosure
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions
Amid heightened border tensions between India and China, cybersecurity researchers have revealed a concerted campaign against India's critical infrastructure, including the nation's power grid, from Chinese state-sponsored groups. The attacks, which coincided with the standoff between the two...
CVE-2020-1848
There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185C00R2P1. Local attackers construct malicious application files, causing system applications to run abnormally...
[SECURITY] Fedora 16 Update: systemtap-1.7-2.fc16
SystemTap is an instrumentation system for systems running Linux. Developers can write instrumentation scripts to collect data on the operation of the system. The base systemtap package contains/requires the components needed to locally develop and execute systemtap scripts...