#auth

Covid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.

Car Rental Management System version 1.0 suffers from a cross site scripting vulnerability.

BloodBank version 1.1 suffers from an ignored default credential vulnerability.

Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.

FlatPress version 1.3.1 suffers from a path traversal vulnerability.

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: LOGO! V8.3 BM Devices Vulnerability: Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with physical access to an affected device to extract user-set passwords from an embedded storage IC. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens LOGO! 12/24RCE (6ED1052-1MD08-0BA1): All versions Siemens LOGO! 12/24RCEo (6ED1052-2MD08-0BA1): All versions Siemens LOGO! 24CE (6ED1052-1CC08-0BA1): All versions Siemens LOGO! 24CEo (6ED1052-2CC08-0BA1): All versions Sie...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Authorization 2. RIS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Location Intelligence Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read and modify data passed over the connection between legitimate clients and the affected product or brute force user passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Location Intelligence, a web-based application software, are affected: Location Intelligence: All ve...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: INTRALOG WMS Vulnerabilities: Cleartext Transmission of Sensitive Information, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an unauthenticated attacker located in the INTRALOG WMS network to decrypt and modify client-server communication, or potentially execute arbitrary code on the application servers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Siemens INTRALOG WMS, are affected: Siemens INTRALOG WMS: Versions prior to V4 3.2 Vulnerability Overview 3.2.1 CLEARTEXT TRANSMISSION OF...