14 matches found
EUVD-2024-55574
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SA82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SD82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SJ81 CP150 All versions = V7.80, SIPROT...
Rockwell Automation FactoryTalk View SE
1. EXECUTIVE SUMMARY: CVSS v4 8.2; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Rockwell Automation; Equipment: FactoryTalk View SE; Vulnerability: Improper Authentication. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a user from a remote...
Rockwell Automation FactoryTalk View Site Edition
1. EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Rockwell Automation; Equipment: FactoryTalk View Site Edition; Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could cause the...
CVE-2022-37709
Tesla Model 3 V11.02022.4.5.1 6b701552d7a6 Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging...
CVE-2020-24442
Adobe Connect 11.0 and earlier are affected by a reflected Cross‑Site Scripting (XSS) vulnerability (CVE-2020-24442). An attacker can lure a user to a crafted URL referencing a vulnerable page, causing malicious JavaScript to execute in the victim’s browser. Affected product/version: Adobe Connec...
CVE-2020-6992
A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an...
CVE-2017-7953
INFOR EAM V11.0 Build 201410 has XSS via comment fields...
SQL injection
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter...
Design/Logic Flaw
INFOR EAM V11.0 Build 201410 has XSS via comment fields...
CVE-2017-7952
INFOR EAM V11.0 Build 201410 contains an SQL injection in search/filter functionality related to the filtervalue parameter. Multiple connected sources (e.g., CVE-2017-7952 records, exploitation writeups, CNVD/PRION entries) describe a vulnerability where user-controlled filtervalue can be crafted...
CVE-2017-7953
INFOR EAM V11.0 Build 201410 has XSS via comment fields...
CVE-2017-7952
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter...
CVE-2017-7953
CVE-2017-7953 concerns INFOR EAM v11.0 Build 201410, which is affected by a stored cross-site scripting (XSS) vulnerability in the comments feature. The connected sources describe injecting JavaScript into the Comments tab to trigger XSS for any authenticated user who views a comment, enabling po...
ManageEngine OpManager / Social IT - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...