header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) File Write Denial of Service (DoS)

The ABB Cylon Aspect BMS/BAS controller through webServerDeviceLabelUpdate.php script allows authenticated attackers to inject arbitrary content via the 'deviceLabel' POST parameter, leading to writing content to a fixed file location (/usr/local/aam/etc/deviceLabel) and potentially causing denial of service.

6.1
CVSS
HIGH
Arbitrary Content Injection
20
CWE
Product Name
ASPECT Building Energy Management and Control Solution
Platforms Tested
GNU/Linux, Intel processors, PHP, AspectFT Automation Application Server, lighttpd, Apache, OpenJDK, ErgoTech MIX Deployment Server
Affected Version
From:
NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware version 3.08.03 and below
To:
03.08.03
2024
Show More

Arbitrary Content Injection in Evolution

An attacker can exploit a weakness in Evolution to add arbitrary content into a GnuPG signed and/or encrypted message. This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that Evolution uses GnuPG.

N/A
CVSS
N/A
Arbitrary Content Injection
Unknown
CWE
Product Name
Evolution
Platforms Tested
Unknown
Affected Version
From:
Unknown
To:
Unknown
Unknown
Show More

Arbitrary Content Injection in KMail

The vulnerability allows an attacker to add arbitrary content into a GnuPG signed and/or encrypted message without the end user knowing. This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that KMail uses GnuPG.

5.5
CVSS
MEDIUM
Arbitrary Content Injection
CWE
Product Name
KMail
Platforms Tested
Affected Version
From:
KMail versions prior to and including 1.9.5
To:
KMail versions prior to and including 1.9.5
Unknown

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≀ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR