PT-2013-48: CRLF Injection in Oracle Containers for J2EE
The specialists of the Positive Research center have detected a CRLF Injection vulnerability in Oracle Containers for J2EE. Oracle Containers for J2EE does not properly validate the values from the HTTP headers. An attacker can use a crafted malicious HTTP response and display arbitrary data to t...
PT-2013-49: Null Byte Injection in Oracle Containers for J2EE
The specialists of the Positive Research center have detected a Null Byte Injection vulnerability in Oracle Containers for J2EE. Oracle Containers for J2EE does not properly handle a null byte in the path when transferring a request to another static page or a JSP script via pageContext.forward o...
PT-2013-18: Variables Overwriting in mnoGoSearch
Positive Technologies experts have detected a Cross-Site Scripting vulnerability in mnoGoSearch. Due to incorrect application architecture, all the template variables and variables sent by the client are stored in the same list. This vulnerability allows attackers to overwrite any uninitialized...
PT-2013-11: XML External Entities Injection in Oracle Siebel CRM
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Siebel CRM. The vulnerability is possible during import of XML files in CRM Siebel. An attacker is able to read an arbitrary file on the target system. How to fix Update your...
PT-2013-42: SQL Injection in Siemens WinCC and SIMATIC PCS 7
The specialists of the Positive Research center have detected "SQL Injection" vulnerability in Siemens WinCC and SIMATIC PCS 7. The WinCC Web Navigator 7.2 and Runtime Client OPC protocol have input filtering in the login screen an attacker can overcome, allowing injection of SQL statements into...
PT-2015-11: Information Disclosure in Siemens SIMATIC WinCC (TIA Portal)
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Siemens SIMATIC WinCC TIA Portal. Vulnerability exists in the remote management module of WinCC TIA Portal Multi Panels, Comfort Panels, and RT Advanced due to improper encryption of credentia...
PT-2013-35: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
The specialists of the Positive Research center have detected "Cross-Site Scripting" vulnerability in Siemens Simatic WinCC TIA Portal. The HMI’s web application is susceptible to reflected Cross-Site-Scripting attacks. If a legitimate user clicks on a malicious link, JavaScript code may get...
PT-2013-34: Cross-Site Scripting in Siemens Simatic WinCC TIA Portal
The specialists of the Positive Research center have detected "Cross-Site Scripting" vulnerability in Siemens Simatic WinCC TIA Portal. If a user clicks on a malicious link which seems to lead to a HMI web application, it is possible to display any data to the user (server-side script injection). H...
PT-2013-51: Open Redirect Vulnerability in Siemens Simatic WinCC TIA Portal
The specialists of the Positive Research center have detected "Open Redirect" vulnerability in Siemens Simatic WinCC TIA Portal. Open redirect vulnerability in Siemens WinCC TIA Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging...
PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router
Positive Research Center has discovered that password hashing is not implemented in D-Link DIR-300 routers, which allows one to obtain passwords in plain text. How to fix Update your software up to the latest version Update link Advisory status 09.09.2011 - Vendor is notified 09.09.2011 - Vendor...
PT-2009-3226 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.39 Apache Tomcat versions 5.5.0 through 5.5.27 Apache Tomcat versions 6.0.0 through 6.0.18 Description: The issue allows remote attackers to enumerate valid usernames via requests to "/j_security_check...
PT-2009-09: Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities
Vulnerability Description Positive Technologies Research Team has discovered multiple privilege escalation vulnerabilities in Trend Micro products. The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate buffer data associated with...
PT-2008-1088 · Pcre +1 · Pcre Library +1
Name of the Vulnerable Software and Affected Versions: PCRE library versions prior to 7.7 Description: The issue is related to a heap-based buffer overflow in the PCRE library, specifically in the pcre_compile.c file. This allows context-dependent attackers to cause a denial of service or possibl...
PT-2001-1770 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The SSH protocols 1 and 2 as implemented in OpenSSH have various weaknesses that can allow a remote attacker to obtain sensitive information via sniffing. This includes password lengths or...
PT-2014-9086
Name of the Vulnerable Software and Affected Versions Bash versions prior to 4.2.45-alt2 Bash versions prior to 3.2.51-alt3 PAN-OS and Panorama versions 5.0.14 and earlier PAN-OS and Panorama versions 5.1.9 and earlier PAN-OS and Panorama versions 6.0.5 and earlier PAN-OS and Panorama versions...
PT-2011-5232 · Linux +4 · Linux Kernel +16
Name of the Vulnerable Software and Affected Versions: openSUSE systemtap-runtime-debuginfo affected versions not specified openSUSE systemtap-sdt-devel affected versions not specified openSUSE systemtap affected versions not specified openSUSE libvmtools0 affected versions not specified Linux...
PT-2026-48817
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript (for example, via $where or $function) can cause the server to access...
PT-2026-48869
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
PT-2026-48956
During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...
PT-2026-48944
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...
PT-2026-48930
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...
PT-2026-48964
Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...
PT-2026-48933
These are all security issues fixed in the apptainer-1.5.1-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2026-48437
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
PT-2026-47840
Name of the Vulnerable Software and Affected Versions OpenSSL FIPS modules versions 3.0, 3.4, 3.5, 3.6, and 4.0 Description When the EVP_PKEY_derive_set_peer function is called with a DHX (X9.42) peer key, the software fails to properly verify subgroup membership. Specifically, the check Y^q ≡ 1 mo...
PT-2026-48130
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager Forms JEE versions LTS SP1 Adobe Experience Manager Forms JEE versions prior to 6.5.24.0 Description A stored Cross-Site Scripting (XSS) issue allows an attacker to inject malicious scripts into vulnerable form fields...
PT-2026-47868
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network...
PT-2026-47933
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
PT-2026-47920
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally...
PT-2026-47941
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper limitation of a pathname to a restricted directory, known as path traversal, allows an authorized attacker to execute arbitrary code over a network and affect the...
PT-2026-48103
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally...
PT-2026-48176
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
PT-2026-48202
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...
PT-2026-48163
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...
PT-2026-48235
21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...
PT-2026-48302
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...
PT-2026-47600
Name of the Vulnerable Software and Affected Versions netty-handler versions prior to 4.1.135.Final netty-handler versions prior to 4.2.15.Final Description An incorrect masking operation in the compareTo function of the IpSubnetFilterRule class allows an attacker to bypass IPv6 subnet rules...
PT-2026-47579
Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...
PT-2026-47545
Summary An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses can bypass the restrictions. Details The io.netty.handler.ipfilter.IpSubnetFilterRule.compareTo(java.net.InetSocketAddress) method performs a bitwise AND...
PT-2026-47229
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script...
PT-2026-47206
A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in...
PT-2026-47203
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password results in sql injection. It is possible to launch the attack remotely. The exploit has been made publi...
PT-2026-47250
Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description An issue exists in the POST Parameter Handler component within the checkUser.php file. Remote manipulation of the Username parameter allows for SQL injection, a technique where...
PT-2026-47249
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...
PT-2026-47360
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the of_unittest_changeset function. The variable parent and nchangeset both point to the same struct device_node. When of_node_put(nchangeset) is called, i...
PT-2026-47168
A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been release...
PT-2026-47173
$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing...
PT-2026-47178
A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly...
PT-2026-47187
A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...
PT-2026-47128
Name of the Vulnerable Software and Affected Versions LearnPress – Backup & Migration Tool versions prior to 4.1.5 Description The plugin is susceptible to arbitrary file read through directory traversal, a technique that allows access to files and directories outside the intended folder...