Path traversal

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...

CVE-2021-31521

The CVE-2021-31521 issue affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5, specifically the Captive Portal, where user-supplied data in the portal can trigger a reflected XSS. Public records timestamped across multiple feeds describe the root cause as inadequate sanitizati...

CVE-2020-23834

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem...

Design/Logic Flaw

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem...

ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability EMC Identifier: ESA-2012-039 CVE Identifier: CVE-2012-2289 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: EMC ApplicationXtender Desktop 6...

Tech-ex v6. 5 CMS Oday-vulnerability warning-the black bar safety net

Background: writing website kesion directory such as http://localhost cookies: after login to grab the USER's COOKIES Account password: after registration you can log in as normal user name and password Code: the login code, grab the figure after the fill The operation,first enter the site,first...