CVE-2022-45699 : APSYSTEMS ECU-R 5203 ADMINISTRATION INTERFACE TIMEZONE COMMAND INJECTION

Description

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.

References

https://github.com/0xst4n/APSystems-ECU-R-RCE-Timezone

https://www.youtube.com/watch?v=YNeeaDPJOBY

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-1501 : ROCKOA 2.3.2 ACLOUDCOSACTION.PHP.SQL RUNACTION FILEID UNRESTRICTED UPLOAD

CVE-2023-1501 : ROCKOA 2.3.2 ACLOUDCOSACTION.PHP.SQL RUNACTION FILEID UNRESTRICTED UPLOAD

Description A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the

CVE-2023-28116 : CONTIKI-NG UP TO 4.8/4.9 BLE L2CAP MODULE PACKETBUF_SIZE BUFFER OVERFLOW

CVE-2023-28116 : CONTIKI-NG UP TO 4.8/4.9 BLE L2CAP MODULE PACKETBUF_SIZE BUFFER OVERFLOW

Description Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an

CVE-2023-1256 : AVEVA PLANT SCADA/TELEMETRY SERVER IMPROPER AUTHORIZATION

CVE-2023-1256 : AVEVA PLANT SCADA/TELEMETRY SERVER IMPROPER AUTHORIZATION

Description The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which