Beckhoff TwinCAT/BSD security vulnerability
Beckhoff TwinCAT/BSD is a new operating system from Beckhoff. A security vulnerability exists in Beckhoff TwinCAT/BSD, which stems from an MPD package that allows an authenticated, low-privileged local attacker to induce a denial of service state in the daemon via a carefully constructed HTTP...
A vulnerability in the firmware of routers such as Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters allows a hacker to read arbitrary files within the system.
The vulnerability of the Vonets Industrial WiFi Bridge Relays and WiFi Bridge Repeaters exists due to a validation error in processing directory traversal sequences. Exploiting this vulnerability allows an attacker to read arbitrary files in the system using a specially created HTTP request...
UBUNTU-CVE-2024-7954
The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...
CVE-2024-43032
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request...
SPIP security vulnerability
SPIP is free software for creating Internet sites, from the SPIP open source project. A security vulnerability exists in SPIP that allows arbitrary code execution: a remote, unauthenticated attacker can execute arbitrary PHP as a SPIP user by sending a crafted HT...
autMan security vulnerability
autMan is a powerful automation software system from autMan, Inc. A security vulnerability exists in autMan version v2.9.6 that allows an attacker to bypass authentication via a crafted Web request...
PT-2024-30263 · Autman · Autman
Name of the Vulnerable Software and Affected Versions: autMan version 2.9.6 Description: The issue allows attackers to bypass authentication via a crafted web request. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents whe...
CVE-2024-43032
autMan v2.9.6 is described as vulnerable to an authentication bypass triggered by a crafted web request. The sources consistently identify autMan 2.9.6 as affected, but do not provide concrete root-cause details, affected components, or a documented fix/version that contains a patch. Practical im...
The vulnerability of the WSGI server Gunicorn, related to defects in HTTP request processing, allows attackers to circumvent existing security restrictions and execute an “HTTP request hijacking” attack.
The vulnerability of the WSGI server Gunicorn is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and carry out an “HTTP request hijacking” attack...
Tenda FH1206 security vulnerability
Tenda FH1206 is a dual-band wireless router from Tenda, designed for large homes with fiber optics. The Tenda FH1206 suffers from an arbitrary command execution vulnerability contained in the handler parameter of the /goform/telnet file, whic...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
PT-2024-40831 · Git +1 · Lwan
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a segmentation fault on an unknown address. The crash occurs in the lwan request get cookie function, which is...
IBM Datacap Navigator security vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Datacap Navigator that originates from displaying version information in an HTTP request, which can be exploited by an attacker to gather information...
Broadcom Symantec Privileged Access Management security vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is a security software product from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
The vulnerability of the “Updates Service” software allows a hacker to gain read access to local files.
The vulnerability of the “Updates Service” software’s web request handler lies in the lack of limits on authentication attempts. Exploiting this vulnerability can allow a malicious actor to gain read access to local files...