#vulnerability

The ABB BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'Footer' HTTP POST parameter called by the caldavUtil.php script.

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'timeserver' HTTP POST parameter called by the setTimeServer.php script.

The building management system suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'logFile' GET parameter via the 'logYumLookup.php' script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Perfctl malware is hard to detect, persists after reboots, and can perform a breadth of malicious activities.

A foreign government is believed to have hacked into the Dutch police force’s systems, exposing the contact details…

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.

ABB Cylon Aspect version 3.07.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the downloadDb.php script is not properly verified before being used to download database files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Ubuntu Security Notice 7053-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or potentially leak sensitive information. These vulnerabilities included heap and stack-based buffer overflows, memory leaks, and improper handling of uninitialized values.

Debian Linux Security Advisory 5782-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.