CVE-2023-22450

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution...

CVE-2023-22450

CVE-2023-22450 affects Advantech WebAccess/SCADA (v9.1.3 and earlier). The issue is an unrestricted upload of a file with a dangerous type, allowing an ASP script to be uploaded when logged in as a manager, which can lead to arbitrary code execution on the web server. The root cause is lack of pr...

CVE-2023-32540

Affected product: Advantech WebAccess/SCADA (versions 9.1.3 and prior). The vulnerability is an arbitrary file overwrite in the software that could allow overwriting any OS file, injecting code into an XLS file, and changing file extensions, potentially enabling arbitrary code execution. Impact i...

Concrete5 CME v9.1.3 - Xpath injection Vulnerability

Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The URL...