B&R Security Vulnerabilities

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...

CVE-2023-52617

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past...

CVE-2023-42668

Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local...

Mitsubishi Electric MELSEC iQ-R Series Cleartext Transmission of Sensitive Information (CVE-2021-20599)

Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining...

CVE-2024-0323 FTP uses unsecure encryption mechanisms

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...

CVE-2024-4040 Unauthenticated arbitrary file read and remote code execution in CrushFTP

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

CVE-2022-37341

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2024-21862

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2024-21809

Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local...

HP Power Manager Management Web Server Login RCE Vulnerability

HP Power Manager is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied...

Password Protect SQL Injection

Password Protect is a password protected script allowing you to manage a remote site through an ASP based...

Exploit for Improper Input Validation in Lexmark Cxtpc Firmware

CVE-2023-34362 POCs for credential dumping, reverse shells,...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network...

AlienVault OSSIM Multiple RCE Vulnerabilities

AlienVault OSSIM is prone to multiple remote code execution (RCE)...

CVE-2021-47342

In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread...

Microsoft Exchange Public Folders Information Leak

Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

CVE-2024-26671

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(),...

Horde '_formvars' Form Input RCE Vulnerability

Horde is prone to a remote code execution (RCE) ...

D-Link DIR-600/DIR 300 RCE Vulnerabilities

D-Link DIR-600 and DIR 300 products are prone to a remote code execution (RCE) vulnerability. This vulnerability was known to be exploited by the IoT...

Joomla! JooProperty Component SQLi and XSS Vulnerabilities

The JooProperty component for Joomla! is prone to an SQL injection (SQLi) vulnerability and a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied...

Service Detection with 'GET' Request

This plugin performs service...

Greenbone Security Assistant (GSA) Default Credentials (HTTP)

The remote Greenbone Security Assistant (GSA) is installed / configured in a way that it has account(s) with default passwords...

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

Cisco NX-OS Version

The remote host is running NX-OS, an operating system for Cisco switches. It is possible to read the NX-OS version and Model either through SNMP or by connecting to the switch using...

CVE-2023-41092

Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent...

CVE-2024-26671

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(),...

vBSEO 'proc_deutf()' RCE Vulnerability

vBSEO is prone to a remote code-execution...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a buffered....

HTTP Brute Force Logins With Default Credentials

A number of known default credentials are tried for the login via HTTP Basic Auth. As this VT might run into a timeout the actual reporting of this vulnerability takes place in the ...

VMware ESXi 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0016)

The version of VMware ESXi installed on the remote host is prior to 6.7 P07, or 7.x prior to 7.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2022-0016 advisory: Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow...

Multiple Linksys Devices Multiple RCE Vulnerabilities

Multiple Linksys devices are prone to multiple remote code execution (RCE)...

CVE-2024-4040

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code...

Snitz Forums 2000 HTTP Response Splitting

The remote host is using Snitz Forums 2000 - an ASP based forum/bbs. There is a bug in this software which makes it vulnerable to HTTP response splitting...

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

Comersus BackOffice Lite Administrative Bypass

Comersus ASP shopping cart is a set of ASP scripts creating an online shoppingcart. It works on a database of your own choosing, default is msaccess, and includes online administration...

Brainkeeper Enterprise Wiki 'search.php' XSS Vulnerability

Brainkeeper Enterprise Wiki is prone to a cross-site scripting (XSS)...

Graphite RCE Vulnerability

Graphite is prone to a remote code execution (RCE) ...

Zoho ManageEngine Support Center Plus Multiple Fields XSS Vulnerabilities

Zoho ManageEngine Support Center Plus is prone to multiple cross-site scripting (XSS)...

CVE-2024-36001

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the pre-flush when appending to a file in writethrough mode In netfs_perform_write(), when the file is marked NETFS_ICTX_WRITETHROUGH or O_SYNC or RWF_SYNC was specified, write-through caching is performed on a...

Squid Proxy Version Detection

The remote host is running the Squid proxy server, an open source proxy server. It was possible to read the version number from the...

ViArt Shop RCE Vulnerability

ViArt Shop is prone to a remote code-execution...

Exploit for Path Traversal in Apache Http Server

CVE-2021-42013: Apache HTTP Server Path Traversal and Remote...

Adobe BlazeDS XML / XXE Injection Vulnerabilities (APSB10-05) - Active Check

Adobe BlazeDS is prone to an XML-injection vulnerability and an XML external entity (XXE) injection...

XWiki Enterprise Multiple Stored XSS Vulnerabilities

XWiki Enterprise is prone to cross-site scripting (XSS) ...

RHEL 5 : hw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) hw: Fast forward store predictor...

Novell NetIQ Privileged User Manager RCE Vulnerability

Novell NetIQ Privileged User Manager is prone to a remote code execution (RCE)...

Solarwinds FSM RCE Vulnerability

Solarwinds Firewall Security Manager is prone to a remote code execution (RCE)...

MoniWiki <= 1.1.5 'login_id' XSS Vulnerability - Active Check

MoniWiki is prone to a cross-site scripting (XSS) ...

TrustPort WebFilter <= 5.5.0.2232 Arbitrary File Access Vulnerability - Active Check

TrustPort WebFilter is prone to an arbitrary file access ...