56 matches found
Resource management error vulnerability in multiple Siemens products
Siemens SIMATIC ET 200AL and others are products of Siemens, Germany. Siemens SIMATIC ET 200AL is a distributed I/O system module. Siemens SIMATIC ET 200MP is a modular I/O system module for use in control cabinets for high-density channel applications. Siemens SIMATIC ET 200SP is a distributed I/O...
EUVD-2020-13792
Malware in sbrugna...
EUVD-2018-4974
Malware in sbrugna...
Mezzanine allows attackers to bypass access controls via manipulating the Host header
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header...
CVE-2024-25170
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header...
CVE-2024-25169
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...
CVE-2024-25169
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...
Design/Logic Flaw
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header...
Design/Logic Flaw
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...
CVE-2024-25170
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header...
CVE-2024-25170
Mezzanine v6.0.0 contains a vulnerability where attackers can bypass access controls by manipulating the Host header. Descriptions across Red Hat, GHSA, OSV, NVD, and related advisories consistently reference Host header-based bypass with potential unauthorized access to information or systems. T...
CVE-2024-25169
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...
CVE-2024-25169
The CVE-2024-25169 issue affects Mezzanine v6.0.0, where an attacker can bypass admin-panel access controls through a crafted request, as reported by Red Hat, Veracode, OSV, GHSA, NVD, CNNVD, and others. The consensus description is that an unauthorized user could bypass restrictions in the admin...
CVE-2024-25169
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request...
CVE-2024-25170
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header...
CVE-2023-50175
Stored cross-site scripting vulnerability exists in the App Settings /admin/app page, the Markdown Settings /admin/markdown page, and the Customize /admin/customize page of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser o...
CVE-2023-49598
Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
Cross site scripting
Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
CVE-2023-33187
CVE-2023-33187 affects Highlight (highlight.run) where passwords could be recorded when a password input is changed to type="text" via a Show Password control. The root cause is that switching input types could bypass obfuscation, allowing password values to be captured. The issue has been fixed ...
CVE-2022-25041
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue...