Improper access control

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...

CVE-2020-29551

An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...

Unauthorized Container Shutdown In ServerMigrationCoordinator

Application: Oracle PeopleSoft Versions Affected: PeopleSoft FSCM 9.2 Vendor: Oracle Bug: Missing Authentication for Critical Function Reported: 16.03.2017 Vendor response: 17.03.2017 Date of Public Advisory: 18.07.2017 Reference: Oracle CPU July 2017 Authors: Vahagn Vardanyan ERPScan VULNERABILI...

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

Design/Logic Flaw

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

CVE-2017-5153

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords...

CVE-2017-5153

The CVE-2017-5153 issue affects OSIsoft PI Coresight 2016 R2 and earlier, and PI Web API 2016 R2 when deployed with the PI AF Services 2016 R2 integrated installer. It is an information exposure vulnerability through server log files that may allow exposure of service account passwords, potential...

CVE-2017-5136

An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown the system...

OSIsoft PI Coresight and PI Web API

CVSS V3 6.1 Vendor: OSIsoft Equipment: PI Coresight, PI Web API Vulnerability: Information Exposure Through Server Log Files AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following versions: PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed usi...

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.5 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.5 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common...