Tag
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
B&R Systems Diagnostics Manager versions above or equal to 3.00 and below or equal to C4.93 suffer from a cross site scripting vulnerability.
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
By Waqas Sophisticated hackers can now breach vulnerable networks and devices at the controller level of critical infrastructure, causing physical damage to crucial assets. This is a post from HackRead.com Read the original post: Controller-level flaws can let hackers physically damage moving bridges
All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme.
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
A vulnerability has been identified in Solid Edge SE2022 (All versions < V2210Update12), Solid Edge SE2023 (All versions < V2023Update2). The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.