Wiesemann & Theis Security Vulnerabilities

veeam

Openshift Authentication - Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token

This issue is observed when the token provided while configuring OAuth does not match the service account...

7.1AI Score

2024-06-14 12:00 AM
3
cvelist

CVE-2024-25552 Wiesemann & Theis: Multiple products prone to unquoted search path

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected...

7.8CVSS

8.5AI Score

0.0004EPSS

2024-03-01 07:49 AM
openvas

Wiesemann & Theis GmbH W&T OPC Server Detection (Windows SMB Login)

Detects the installed version of Wiesemann & Theis GmbH W&T OPC Server for...

7.4AI Score

2019-02-09 12:00 AM
22
nessus

OS Identification : HTML

Nessus was able to identify the remote operating system by examining the HTML returned from certain HTTP...

7.2AI Score

2009-03-05 12:00 AM
1061
prion

Authentication flaw

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...

8CVSS

8.1AI Score

0.001EPSS

2022-12-13 08:15 AM
9
cve

CVE-2022-4098

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...

8CVSS

8AI Score

0.001EPSS

2022-12-13 08:15 AM
34
nvd

CVE-2022-4098

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...

8CVSS

0.001EPSS

2022-12-13 08:15 AM
cve

CVE-2022-42786

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration...

5.4CVSS

5.4AI Score

0.001EPSS

2022-11-10 12:15 PM
27
6
cvelist

CVE-2022-4098 Wiesemann & Theis: Multiple products prone to missing authentication through spoofing

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in the same subnet can obtain the session ID and through IP spoofing change arbitrary settings by...

8CVSS

8.3AI Score

0.001EPSS

2022-12-13 07:26 AM
cvelist

CVE-2022-42787 Wiesemann & Theis: Small number space for allocating session id in Com-Server family

Multiple W&T products of the Comserver Series use a small number space for allocating session ids. After login of a user an unauthenticated remote attacker can brute force the user's session id and get access to his account on the device. As the user needs to log in for the attack to be...

8.8CVSS

8.8AI Score

0.003EPSS

2022-11-10 11:06 AM
cve

CVE-2022-42787

Multiple W&T products of the Comserver Series use a small number space for allocating session ids. After login of a user an unauthenticated remote attacker can brute force the user's session id and get access to his account on the device. As the user needs to log in for the attack to be...

8.8CVSS

8.5AI Score

0.003EPSS

2022-11-10 12:15 PM
28
6
cve

CVE-2022-42785

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET...

9.8CVSS

9.5AI Score

0.004EPSS

2022-11-15 09:15 PM
39
8
cvelist

CVE-2022-42785 Wiesemann & Theis: Authentication bypass in Com-Server family

Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unauthenticated remote attacker can log in without knowledge of the password by crafting a modified HTTP GET...

9.8CVSS

9.8AI Score

0.004EPSS

2022-11-10 11:01 AM
1
cvelist

CVE-2022-42786 Wiesemann & Theis: XSS vulnerability in web interface of the Com-Server family

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration...

5.4CVSS

5.6AI Score

0.001EPSS

2022-11-10 11:02 AM
1
threatpost

Steam Patched Broken Crypto in Wake of Replay, Padding Oracle Attacks

The digital gaming platform Steam was quick to patch a cryptographic issue in its client recently that could have allowed an attacker to read sensitive information sent over its network, take over an account, or view plain-text passwords. Valve, the Bellevue, Wash.-based video game developer that.....

-0.3AI Score

2016-04-27 12:43 PM
7
packetstorm

0.1AI Score

2016-01-25 12:00 AM
25
securityvulns

[email protected]

Mandriva Linux Security Advisory MDVSA-2010:062 http://www.mandriva.com/security/ Package : curl Date : March 19, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0, Multi...

0.4AI Score

0.044EPSS

2010-03-23 12:00 AM
31
openvas

Mandriva Update for curl MDVSA-2010:062 (curl)

Check for the Version of...

0.1AI Score

0.044EPSS

2010-03-22 12:00 AM
7
openvas

Mandriva Update for curl MDVSA-2010:062 (curl)

Check for the Version of...

7.6AI Score

0.044EPSS

2010-03-22 12:00 AM
16
nessus

Mandriva Linux Security Advisory : curl (MDVSA-2010:062)

A vulnerability has been found and corrected in curl : content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a...

0.6AI Score

0.044EPSS

2010-03-22 12:00 AM
8
nessus

OS Identification : SNMP sysObjectID

The remote operating system can be identified by querying its sysObjectID object using...

AI Score

2010-02-01 12:00 AM
154