CVE-2020-10245

by JeremyUncategorizedPosted on Comments are Disabled

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CVE-2020-10245

by JeremyUncategorizedPosted on Comments are Disabled

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CVE-2020-10245

by JeremyUncategorizedPosted on Comments are Disabled

CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.

CVE-2020-10966

by JeremyUncategorizedPosted on Comments are Disabled

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

CVE-2020-10966

by JeremyUncategorizedPosted on Comments are Disabled

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

CVE-2020-10966

by JeremyUncategorizedPosted on Comments are Disabled

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

CVE-2020-10966

by JeremyUncategorizedPosted on Comments are Disabled

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

CVE-2020-10966

by JeremyUncategorizedPosted on Comments are Disabled

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel through 1.1.0, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

CVE-2020-9520

by JeremyUncategorizedPosted on Comments are Disabled

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of …

Read more “CVE-2020-9520”

CVE-2020-9520

by JeremyUncategorizedPosted on Comments are Disabled

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of …

Read more “CVE-2020-9520”