8 matches found
CVE-2018-12635
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs...
EUVD-2018-4591
Malware in sbrugna...
Frontrunning PublicLock.initialize() can prevent upgrades due to insufficient access control
Handle: elprofesor. Vulnerability details. Impact: The Unlock protocol's base contract Unlock.sol uses setLocktemplate to initialize the implementation contract for the PublicLock proxy. This function will initialize the relevant PublicLock contract which has been deployed separately...
CVE-2018-12635
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs...
Design/Logic Flaw
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs...
CVE-2018-12635
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs...
CVE-2018-12635
CirCarLife Scada v4.2.4 is affected by an unauthorized upgrade vulnerability, exploitable via requests to html/upgrade.html and services/system/firmware.upgrade URIs. The provided documents describe the issue as an ability to perform upgrades without authorization, but do not specify the underlyi...
Design/Logic Flaw
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges...