Hitachi Solutions, Ltd. Security Vulnerabilities

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

Bitdefender GravityZone Detection

The remote host is a Bitdefender GravityZone Appliance, an endpoint threat detection...

CVE-2024-3783

The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the...

CVE-2024-3794

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...

SolarWinds Orion Platform Installed (Windows)

SolarWinds Orion Platform is installed on the remote Windows host. Orion is a core component of several network monitoring and management...

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child...

Information Disclosure

coldbox-elixir is vulnerable to Information Disclosure. The vulnerability exists because the library does not securely define environment variables in the defaultConfig.js variable handler, allowing an attacker to access sensitive...

Bitdefender GravityZone User Interface Detection

The remote web server is the user interface for Bitdefender GravityZone, a real-time endpoint threat detection...

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

CVE-2023-43320

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication...

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

CVE-2024-1067 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses...

CVE-2024-1067

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the...

Support for IBM Cloud for VMware Solutions

Support for IBM Cloud for VMware...

Zinwave Series 3000 DAS Web Interface Detection

The remote host is running the web interface for a Zinwave Series 3000 DAS, a distributed antenna system hardware...

Adobe Digital Editions Installed

Adobe Digital Editions, an electronic book reader application, is installed on the remote...

Adobe Digital Editions Installed (Mac OS X)

Adobe Digital Editions, an electronic book reader application, is installed on the remote Mac OS X...

CVE-2024-38283

Sensitive customer information is stored in the device without...

CVE-2024-38285

Logs storing credentials are insufficiently protected and can be decoded through the use of open source...

Lenovo Mouse Suite Installed

Lenovo Mouse Suite, a software suite for configuring a Lenovo wireless mouse, is installed on the remote Windows...

Lenovo System Update Installed

Lenovo System Update (formerly known as ThinkVantage System Update), a system update utility for Lenovo systems, is installed on the remote Windows...

NetIQ Access Manager Detect

NetIQ Access Manager, a network access administration web application, is present on the remote...

CVE-2024-38282

Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the...

NetIQ Access Manager Detect

NetIQ Access Manager, a network access administration web application, is present on the remote server. It is possible to identify the major version and support pack remotely; however, hotfix information requires valid HTTP login credentials to...

LG LED Assistant Detection

LG LED Assistant, a digital signage management application, is running on the remote...

CVE-2024-38284

Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate...

CVE-2024-38280

An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear...

CVE-2024-38281

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the...

CVE-2022-45962

Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via...

LiveData ICCP Server Detection

ICCP servers are commonly used in electric transmission and generation systems. Many vendors have integrated the LiveData ICCP stack including Advanced Control Systems, Barco, Eliop, GEA-India, Hitachi, Invensys Process Systems, LiveData, LogicaCMG, Ratio Control Central Stations, SPL Worldgroup,.....

CVE-2024-38279

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password...

Kentico CMS Insecure Deserialization Remote Code Execution

Kentico CMS is susceptible to remote code execution via a .NET deserialization...

CVE-2024-3787

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Exploitation of this vulnerability could allow a remote user to execute arbitrary...

CVE-2022-31888

Session Fixation vulnerability in in function login in class.auth.php in osTicket through...

CVE-2024-1977

The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to...

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

CVE-2024-36006

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...

CVE-2024-3784

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary...

CVE-2024-3790

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal...

CVE-2023-48745

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through...

CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through...

CVE-2023-48745 WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through...

CVE-2023-48745

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through...

CVE-2024-3796

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session...

Check Point Endpoint Security SandBlast Agent Installed (macOS)

Check Point Endpoint Security SandBlast Agent which provides unified management, policy enforcement, threat prevention, and detection is installed on the remote macOS...

Exploit for Stack-based Buffer Overflow in Elastic Elasticsearch

Elasticsearch StackOverflow vulnerability A flaw was...

CVE-2024-3781

Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback...