6 matches found
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Server-Side Request Forgery
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below insecurely forward HTTP requests based on user-controlled values, enabling an unauthenticated user to coerce the web application into sending data to arbitrary locations, such as the SMTP service listening on localhost...
PT-2023-14146 · Siemens · Siplus Logo! 12/24Rce +6
Name of the Vulnerable Software and Affected Versions: LOGO! 12/24RCE versions 8.3 and later LOGO! 12/24RCEo versions 8.3 and later LOGO! 230RCE versions 8.3 and later LOGO! 230RCEo versions 8.3 and later LOGO! 24CE versions 8.3 and later LOGO! 24CEo versions 8.3 and later LOGO! 24RCE versions 8....
CVE-2021-43075
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to...
CVE-2020-14580
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications Applications component: System Admin. Supported versions that are affected are 8.1.0, 8.2.0 and 8.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH ...
Advantech WebAccess/SCADA Arbitrary Code Execution Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An arbitrary code execution vulnerabili...
Fortinet FortiWLM Command Execution Vulnerability
Fortinet FortiWLM is a wireless network device management platform developed by the U.S. Fiat Fortinet. A security vulnerability exists in the hard-coded password account named 'upgrade' in Fortinet FortiWLM 8.3.0 and prior versions. A remote attacker could exploit this vulnerability to execute...