Siemens EN100 Ethernet module & SIPROTEC Merging Unit Denial of Service (CVE-2015-5374)

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Emerson OSE Credentials Management Errors (CVE-2013-0694)

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Siemens SIPROTEC Information Disclosure (CVE-2016-4784)

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens SIPROTEC Information Disclosure (CVE-2016-4785)

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

lsmmdma (>=0.0.4 <=0.1.7), medaka-cpu (>=1.6.0 <=1.7.2) +1 more potentially affected by CVE-2022-23592 via tensorflow-cpu (>=2.7.0 <=2.7.4)

tensorflow-cpu PYPI version =2.7.0, =0.0.4, =1.6.0, =1.7.2 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23592 Source advisory: OSV:PYSEC-2022-101...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23562 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23562 Source advisory: OSV:PYSEC-2022-126...

Russian Gamaredon Hackers Targeted 'Western Government Entity' in Ukraine

The Russia-linked Gamaredon hacking group attempted to compromise an unnamed Western government entity operating in Ukraine last month amidst ongoing geopolitical tensions between the two countries. Palo Alto Networks' Unit 42 threat intelligence team, in a new report publicized on February 3, sa...

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21736 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21736 Source advisory: OSV:PYSEC-2022-115...

PHP Unit 4.8.28 Remote Code Execution

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

PHP Unit 4.8.28 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...

CVE-2021-22815

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

CVE-2021-22815

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

CVE-2021-22815

The CVE-2021-22815 entry covers an Information Exposure vulnerability in Schneider Electric NMC/NMC2/NMC3 embedded devices and related APC equipment. Affected products include 1-phase and 3-phase UPS with NMC2/NMC3 (AP9630/9631/9635 on NMC2; AP9640/9641/9643 on NMC3), NMC2/NMC3-based PDUs, XRDP/X...

CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...

CVE-2021-22811

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply UP...