Monthly Archive: March 2020

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the...

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the...

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file.At...

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. An attacker can send a specially crafted packet to trigger the parsing of this cache file....

An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap...

IBM Jazz for Service Management 3.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. Date published : 2020-03-23 https://github.com/ravibpatel/AutoUpdater.NET/commit/1dc25f2bea6ea522dbac1512b5563c4746d539c3 https://github.com/ravibpatel/AutoUpdater.NET/releases/tag/v1.5.8

The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. Date published : 2020-03-23 https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty https://medium.com/@victor_14768/replay-attacks-en-autos-206481dcfee1

On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. Date published : 2020-03-23 https://kb.netgear.com/000061738/Security-Advisory-for-Missing-Function-Level-Access-Control-on-GS728TPS-PSV-2020-0012

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands...

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions....

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions....

ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role. Date published : 2020-03-23 https://www.manageengine.com/products/desktop-central/html-injection.html https://www.esecforte.com/responsible-vulnerability-disclosure-cve-2019-15510-manageengine-desktopcentral-v-10-vulnerable-to-html-injection/

An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen...