Aggregator

IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)

Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)

ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting

ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting

ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection

ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy

ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS

ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure

Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)

In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain.

为师生提供无缝、高质量的网络接入服务。

文章从Redis的功能和使用背景出发，分析了Redis不同版本的功能带来的安全漏洞，并提出防护方法。

4月8日，美国国家情报总监办公室发文称：国家情报总监加巴德成立特别工作组，旨在恢复情报界的信任并终止政府针对美国公民的武器化。

A vulnerability classified as critical was found in Rockwell Automation PLC5, SLC5, 0x, RSLogix 1785-Lx and 1747-L5x. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2010-5305. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Intelbras WiFiber 120AC inMesh 1.1-220216. This vulnerability affects unknown code of the component Web Server. The manipulation leads to command injection. This vulnerability was named CVE-2022-40005. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.