Daily Archives: May 28, 2024

Advisories

ZDI-24-516: Progress Software WhatsUp Gold HttpContentActiveController Server-Side Request Forgery Information Disclosure Vulnerability

Read Time:13 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-4562.

Read More

Advisories

SEC Consult SA-20240527-0 :: Multiple vulnerabilities in HAWKI didactic interface

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27

SEC Consult Vulnerability Lab Security Advisory < 20240527-0 >
=======================================================================
title: Multiple vulnerabilities
product: HAWKI (Interaction Design Team at the University of Applied
Sciences and Arts in Hildesheim/Germany)
vulnerable version: 1.0.0-beta.1, versions before commit 146967f
    fixed version: Github commit 146967f…

Read More

Advisories

SEC Consult SA-20240524-0 :: Exposed Serial Shell on multiple PLCs in Siemens CP-XXXX Series

Read Time:18 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27

SEC Consult Vulnerability Lab Security Advisory < 20240524-0 >
=======================================================================
title: Exposed Serial Shell on multiple PLCs
product: Siemens CP-XXXX Series (CP-2014, CP-2016, CP-2017, CP-2019, CP-5014)
vulnerable version: All hardware revisions
fixed version: Hardware is EOL, no fix
CVE number: –
impact: Low…

Read More