Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. Date published : 2022-05-27 https://www.deltacontrols.com/ https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5702.php
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Date published : 2022-05-27 https://www.ict.co/...
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. Date published :...
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted...
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. Date published : 2022-05-27 https://www.ict.co/ https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5700.php
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. Date published :...
Verizon 4G LTE Network Extender GA4.38 – V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. Date published : 2022-05-27...
Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. Date published : 2022-05-27 https://github.com/unicorn-engine/unicorn/commit/5a79d7879ca3ee0ce684ad6576d8ac15e8d90fc7 https://github.com/unicorn-engine/unicorn/issues/1595
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. Date published : 2022-05-27 https://github.com/unicorn-engine/unicorn/commit/3d3deac5e6d38602b689c4fef5dac004f07a2e63 https://github.com/unicorn-engine/unicorn/issues/1588
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. Date published : 2022-05-27 https://github.com/unicorn-engine/unicorn/commit/469fc4c35a0cfabdbefb158e22d145f4ee6f77b9 https://github.com/unicorn-engine/unicorn/issues/1586
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. Date published : 2022-05-27 https://github.com/unicorn-engine/unicorn/issues/1578
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. Date published :...
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. Date published : 2022-05-27 https://github.com/nsparker1337/OpenSource/blob/main/exploit_idor.md
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . Date published : 2022-05-27 https://github.com/TheGetch/CVE-2022-29598 https://solutions-atlantic.com/rrs/