Archivos mensuales: septiembre 2024

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.

Advantech ADAM-5630
has built-in commands that can be executed without authenticating the
user. These commands allow for restarting the operating system,
rebooting the hardware, and stopping the execution. The commands can be
sent to a simple HTTP request and are executed by the device
automatically, without discrimination of origin or level of privileges
of the user sending the commands.

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a
session is closed. Forging requests with a legitimate cookie, even if
the session was terminated, allows an unauthorized attacker to act with
the same level of privileges of the legitimate user.

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen

Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask

In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102.

OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the server and obtain full admin privileges.

OMNTEC Proteus Tank Monitoring OEL8000III Series

could allow an attacker to perform administrative actions without proper authentication.