14 matches found

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-26977

Name of the Vulnerable Software and Affected Versions: PuTTY version 0.83. Description: A flaw exists in the Ed25519 Signature Handler component, specifically within the eddsa verify function of the crypto/ecc-ssh.c file. This issue involves improper verification of cryptographic signatures and can ...

6.3 CVSS, 5.6 AI score, 0.00013 EPSS
Exploits: 1, References: 19
Talos
added 2023/10/11 12:0 a.m., 20 views

Yifan YF325 httpd nvram.cgi authentication bypass vulnerability

Talos Vulnerability Report TALOS-2023-1762: Yifan YF325 httpd nvram.cgi authentication bypass vulnerability. October 11, 2023. CVE Number: CVE-2023-24479. Summary: An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...

9.8 CVSS, 9.7 AI score, 0.00078 EPSS
Exploits: 0
Talos
added 2022/06/15 12:0 a.m., 55 views

Bachmann Visutec GmbH Atvise License registration information disclosure vulnerability

Summary: An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this...

5.9 CVSS, 5.6 AI score, 0.00111 EPSS
Exploits: 0
Talos
added 2022/05/25 12:0 a.m., 21 views

Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability

Summary: An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...

7.5 CVSS, 7.6 AI score, 0.00793 EPSS
Exploits: 1
Talos
added 2022/05/25 12:0 a.m., 64 views

Open Automation Software OAS Platform REST API unauthenticated vulnerability

Summary: An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4 CVSS, 9.3 AI score, 0.8736 EPSS
Exploits: 1
0day.today
added 2016/05/04 12:0 a.m., 53 views

CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning

Exploit for php platform in category web applications. Web Server Cache Poisoning in CMS Made Simple. CVE-2016-2784. Product Description: CMS Made Simple is a great tool with many plugins t...

2.6 CVSS, 5.4 AI score, 0.06088 EPSS
Exploits: 4
securityvulns
added 2012/06/18 12:0 a.m., 54 views

SQL injection in Bigware shop software

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

1 AI score
Exploits: 0
Packet Storm
added 2012/06/06 12:0 a.m., 21 views

Bigware Shop SQL Injection

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

0.2 AI score
Exploits: 0
securityvulns
added 2011/05/17 12:0 a.m., 36 views

Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation

Vmware vSphere Management Assistant vMA - Local Privilege Escalation. Affected Software: Vmware vSphere Management Assistant vMA. Severity: Medium...

1.6 AI score
Exploits: 0
Packet Storm
added 2011/05/16 12:0 a.m., 24 views

Vmware vSphere Management Assistant (vMA) Privilege Escalation

Vmware vSphere Management Assistant vMA - Local Privilege Escalation. Affected Software: Vmware vSphere Management Assistant vMA. Severity: Medium...

1 AI score
Exploits: 0
Packet Storm
added 2011/05/07 12:0 a.m., 46 views

Imperva SecureSphere SQL Injection Filter Bypass

Imperva SecureSphere - SQL injection filter bypass. Affected Software: SecureSphere Web Application Firewall WAF. Severity: High. Local/Remote: Remote...

0.7 AI score
Exploits: 0
securityvulns
added 2007/09/26 12:0 a.m., 60 views

Simple PHP Blog Multiple Vulnerabilities

Secure Network - Security Research Advisory Vuln name: Simple PHP Blog Multiple Vulnerabilities Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions Systems not affected: - Severity: Medium Local/Remote: Remote Vendor URL: http://www.simplephpblog.com/ Authors:...

Exploits: 0
securityvulns
added 2001/05/29 12:0 a.m., 43 views

Vulnerability discovered in SpearHead NetGap

Background: SpearHead's NetGAP™ appliance physically disconnects a company's network from the Internet. The product consists of two separate computers, an Untrusted CPU and a Trusted CPU, that are never directly connected at any given time. NetGap™ includes a content checking engin...

0.3 AI score
Exploits: 0
securityvulns
added 2001/03/16 12:0 a.m., 27 views

def-2001-11: MDaemon 3.5.4 Dos-Device DoS

Defcom Labs Advisory def-2001-11. MDaemon 3.5.4 Dos-Device DoS. Author: Peter Gründl [email protected]. Release Date: 2001-03-15...

0.5 AI score
Exploits: 0