27 matches found
EUVD-2001-0714
Malware in sbrugna...
EUVD-2018-10592
Malware in sbrugna...
EUVD-2022-46557
Malicious code in bioql PyPI...
CVE-2023-22940
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language SPL command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the...
PT-2023-18777 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue allows a search to bypass safeguards for risky commands using the pivot search processing...
PT-2023-18786 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: A cross-site request forgery in the Splunk Secure Gateway SSG app in the 'kvstore client' REST endpoi...
PT-2023-18784 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue concerns aliases of the collect search processing language SPL command, including...
Wake up and smell the Javascript – website supply chain puts online retail at risk
There are more than 1.8 billion websites online today, and almost 98% of them are powered by JavaScript. There’s a good reason for this: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But what happens when that same functionality...
ECOA Building Automation System - Configuration Download Information Disclosure
Exploit Title: ECOA Building Automation System - Configuration Download Information Disclosure Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Configuration Download Information Disclosure Vendor: ECOA Technologies Corp. Produc...
ECOA Building Automation System Cookie Poisoning / Authentication Bypass
ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System -...
ECOA Building Automation System Hardcoded SSH Credentials
ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1...
ECOA Building Automation System Cross Site Request Forgery Vulnerability
ECOA building automation systems suffer from a cross site request forgery vulnerability. Many versions are affected. ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - E...
ECOA Building Automation System Remote Privilege Escalation
ECOA Building Automation System Remote Privilege Escalation Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...
CVE-2014-8362
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface...
Dahua DVR Authentication Bypass - CVE-2013-6117
Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd. http://www.dahuasecurity.com --Affects-- Dahua web-enabled DVRs Dahua-rebranded web-enabled...
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass Metasploit Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd...
GIT gitweb git_snapshot / git_object Shell Metacharacter Arbitrary Command Execution
The version of gitweb, a web-enabled interface to the open source distributed version control system Git, hosted on the remote web server fails to sanitize user-supplied input to the 'gitweb.cgi' script of shell metacharacters before passing it to a shell. An unauthenticated, remote attacker can...
InstallShield InstallFromTheWeb ActiveX Control Multiple Overflows
InstallFromTheWeb IFTW, a web-enabled software installation product from InstallShield, is installed on the remote host. The version of InstallFromTheWeb on the remote host includes an ActiveX control that is reportedly affected by multiple and, as yet, unspecified buffer overflow vulnerabilities...
JavaScript code can cause the browser attack-vulnerability warning-the black bar safety net
Security researchers have found a Use JavaScript to scan the family and the enterprise network, and attacks on the network server, and the router and printer and other equipment of the method. Researchers say the malicious JavaScript code can be embedded in a Web page, use the browser to browse t...
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability
Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability July 10, 2006 Product Overview: The Juniper Networks Redline DX application acceleration platform delivers a complete data center acceleration solution for web-enabled and IP-based business applications. Vulnerability...