Lucene search
K

8050 matches found

Talos
Talos
added 2023/02/02 12:0 a.m.53 views

Moxa SDS-3008 Series Industrial Ethernet Switch web application stored cross-site scripting vulnerability

Talos Vulnerability Report TALOS-2022-1619 Moxa SDS-3008 Series Industrial Ethernet Switch web application stored cross-site scripting vulnerability February 2, 2023 CVE Number CVE-2022-41313,CVE-2022-41311,CVE-2022-41312 SUMMARY A stored cross-site scripting vulnerability exists in the web...

5.4CVSS5.3AI score0.01084EPSS
Exploits3
Talos
Talos
added 2023/01/26 12:0 a.m.34 views

Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1607 Siretta QUARTZ-GOLD httpd delfile.cgi OS command injection vulnerability January 26, 2023 CVE Number CVE-2022-40969 SUMMARY An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020....

8.8CVSS8AI score0.05808EPSS
Exploits1
Talos
Talos
added 2022/10/27 12:0 a.m.37 views

InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability

Talos Vulnerability Report TALOS-2022-1523 InHand Networks InRouter302 Incorrect fixes privilege escalation vulnerability October 27, 2022 CVE Number CVE-2022-25932 SUMMARY The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are...

9.8CVSS8.7AI score0.00642EPSS
Exploits0
Talos
Talos
added 2022/10/20 12:0 a.m.37 views

Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability

Talos Vulnerability Report TALOS-2022-1553 Abode Systems, Inc. iota All-In-One Security Kit XFINDER information disclosure vulnerability October 20, 2022 CVE Number CVE-2022-29475 SUMMARY An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota...

8.1CVSS5.9AI score0.00562EPSS
Exploits1
Talos
Talos
added 2022/10/14 12:0 a.m.55 views

Robustel R1510 sysupgrade firmware update vulnerability

Talos Vulnerability Report TALOS-2022-1580 Robustel R1510 sysupgrade firmware update vulnerability October 14, 2022 CVE Number CVE-2022-34845 SUMMARY A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can...

6.7CVSS4.8AI score0.00348EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.6 views

PT-2022-22698 · Sap · Sap Iq +1

Name of the Vulnerable Software and Affected Versions: SAP SQL Anywhere version 17.0 SAP IQ version 16.1 Description: The issue allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as a Stack-based buffer overflow. This can potentially lead to remo...

9.8CVSS9.7AI score0.01053EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/06/17 12:0 a.m.90 views

SAP NetWeaver ABAP Improper Access Control (3158375)

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform, from a remote client, for example stopping the SAProuter, that could highly impact...

9.8CVSS8.5AI score0.02062EPSS
Exploits2References3
Talos
Talos
added 2022/06/15 12:0 a.m.58 views

Bachmann Visutec GmbH Atvise License registration information disclosure vulnerability

Summary An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this...

5.9CVSS5.6AI score0.00437EPSS
Exploits0
Talos
Talos
added 2022/05/25 12:0 a.m.67 views

Open Automation Software OAS Platform REST API unauthenticated vulnerability

Summary An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS9.3AI score0.37606EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.30 views

Open Automation Software Platform Engine SecureBrowseFile information disclosure vulnerability

Summary An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger th...

7.5CVSS7.6AI score0.01641EPSS
Exploits1
Talos
Talos
added 2022/05/25 12:0 a.m.43 views

Open Automation Software Platform Engine SecureConfigValues denial of service vulnerability

Summary A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability...

7.5CVSS7.8AI score0.0114EPSS
Exploits1
Talos
Talos
added 2022/05/10 12:0 a.m.46 views

InHand Networks InRouter302 httpd wlscan_ASP OS command injection vulnerability

Summary An OS command injection vulnerability exists in the httpd wlscanASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested...

9.9CVSS8.8AI score0.12477EPSS
Exploits1
Packet Storm
Packet Storm
added 2022/05/04 12:0 a.m.688 views

SAP Web Dispatcher HTTP Request Smuggling

Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as...

9.4CVSS9.3AI score0.02686EPSS
Exploits2
Talos
Talos
added 2022/01/26 12:0 a.m.34 views

Reolink RLC-410W hardcoded TLS key information disclosure vulnerability

Summary An information disclosure vulnerability exists due to the hardcoded TLS key of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this...

7.5CVSS5.9AI score0.0089EPSS
Exploits0
Packet Storm
Packet Storm
added 2021/05/31 12:0 a.m.194 views

IPS Community Suite 4.5.4.2 PHP Code Injection

------------------------------------------------------------------------------ IPS Community Suite = 4.5.4.2 previewBlock PHP Code Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...

0.1AI score0.19908EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2021/05/28 12:0 a.m.19 views

Cisco SD-WAN Software Signature Verification Bypass (cisco-sa-sdwan-sigverbypass-gPYXd6Mk)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability due to improper verification of digital signatures for patch images. An authenticated, remote attacker with Administrator credentials can exploit this to install a malicious software patch on an...

4.9CVSS5.6AI score0.00398EPSS
Exploits0References3
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.364 views

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The web control panel uses weak set of default administrative credentials no...

5.8AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/06 12:0 a.m.877 views

IPS Community Suite 4.5.4 SQL Injection

----------------------------------------------------------------------------- IPS Community Suite sortBy == 'popular' 56. 57. \IPS\Request::i-sortDir = \IPS\Request::i-sortDir ?: 'ASC'; 58. $sortBy = 'filerating ' . \IPS\Request::i-sortDir . ', filereviews'; 59. $where = array array 'filerating?'...

0.1AI score0.01407EPSS
Exploits2
Openbugbounty
Openbugbounty
added 2020/09/22 5:20 p.m.16 views

vendiveramente.it Cross Site Scripting vulnerability OBB-1356748

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Samba
Samba
added 2020/09/18 12:0 a.m.778 views

Unauthenticated domain takeover via netlogon ("ZeroLogon")

Description The following applies to Samba used as domain controller only most seriously the Active Directory DC, but also the classic/NT4-style DC. Installations running Samba as a file server only are not directly affected by this flaw, though they may need configuration changes to continue to...

10CVSS7.1AI score0.99512EPSS
Exploits75
Rows per page
Query Builder