(Pwn2Own) Phoenix Contact CHARX SEC-3100 Filename Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVE-2022-26247

TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password...

TMS 安全漏洞

TMS is a channel-based team communication and collaboration + lightweight task dashboard by weicheng individual developers. A security vulnerability exists in TMS v2.28.0, which originates from an insecure privilege in the component /TMS/admin/user/Update2. The vulnerability can be exploited to...

Command injection

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management NSM 9.1 9.1.7.75 Update 4 and 9.2 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands...