Aggregator

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection

ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy

ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS

ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure

Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)

In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain.

为师生提供无缝、高质量的网络接入服务。

文章从Redis的功能和使用背景出发，分析了Redis不同版本的功能带来的安全漏洞，并提出防护方法。

4月8日，美国国家情报总监办公室发文称：国家情报总监加巴德成立特别工作组，旨在恢复情报界的信任并终止政府针对美国公民的武器化。

A vulnerability classified as critical was found in Rockwell Automation PLC5, SLC5, 0x, RSLogix 1785-Lx and 1747-L5x. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2010-5305. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Intelbras WiFiber 120AC inMesh 1.1-220216. This vulnerability affects unknown code of the component Web Server. The manipulation leads to command injection. This vulnerability was named CVE-2022-40005. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OX Software OX App Suite up to 8.2. Affected by this issue is some unknown functionality of the component HTML E-Mail Message Handler. The manipulation leads to HTML injection. This vulnerability is handled as CVE-2022-29853. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in OX Software OX App Suite up to 8.2. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-29852. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Diameter Signaling Router 8.6.0.0. Affected is an unknown function of the component Platform. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2022-42898. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Communications Network Analytics Data Director 23.1.0. It has been classified as critical. This affects an unknown part of the component Install/Upgrade. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2022-42898. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle MySQL Cluster up to 8.0.34/8.1.0. This vulnerability affects unknown code of the component Cluster. The manipulation leads to integer overflow. This vulnerability was named CVE-2022-42898. The attack can be initiated remotely. There is no exploit available.