121 matches found
CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system...
CVE-2022-1794
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...
CVE-2022-1794
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...
PT-2022-14118 · 3S Smart Software Solutions · Codesys Opc Da Server
Name of the Vulnerable Software and Affected Versions: CODESYS OPC DA Server versions prior to V3.5.18.20 Description: The issue concerns the storage of PLC passwords in plain text within the configuration file of the CODESYS OPC DA Server, making these passwords visible to all authorized Microso...
3S-Smart Software Solutions CODESYS 安全漏洞
CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in 3S-Smart Software Solutions CODESYS OPC DA Server versions prior to V3.5.18.20, which stems from the PLC storing passwords as plain text in its configuration file, which is...
CVE-2022-1794
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...
PT-2022-2258
Name of the Vulnerable Software and Affected Versions 7-Zip versions 21.07 and earlier Description The issue is related to a heap overflow in the 7z.dll library, which can be exploited to escalate privileges. This can be achieved by dragging a specially crafted .7z file to the HelpContents area,...
GHSA-FX95-883V-4Q4H Path traversal in github.com/valyala/fasthttp
The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
CVE-2022-21221
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
CVE-2022-21221
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
Directory traversal
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
CVE-2022-21221 Directory Traversal
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
CVE-2022-21221 Directory Traversal
The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
Mageia: Security Advisory (MGASA-2018-0120)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MacOS Being Picked Apart by $49 XLoader Data Stealer
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service MaaS and stands...
CVE-2021-28550
Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current...
Masslogger Swipes Outlook, Chrome Credentials
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...
Microsoft Pulls Bad Windows Update After Patch Issue
Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates. Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective...
go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve
The Go project reports: The go command may execute arbitrary code at build time when cgo is in use on Windows. This may occur when running "go get", or any other command that builds code. Only users who build untrusted code and don't execute it are affected. In addition to Windows users, this can...
Design/Logic Flaw
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...