Category Archives: Advisories

SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 12

SEC Consult Vulnerability Lab Security Advisory < 20241112-0 >
=======================================================================
title: Multiple vulnerabilities
product: Siemens Energy Omnivise T3000
vulnerable version: >=8.2 SP3
fixed version: see solution section
CVE number: CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879
impact: High…

Read More

Security issue in the TX Text Control .NET Server for ASP.NET.

Read Time:22 Second

Posted by Filip Palian on Nov 12

Hej,

Let’s keep it short …

=====

Intro

=====

A “sudo make me a sandwich” security issue has been identified in the TX
Text

Control .NET Server for ASP.NET[1].

According to the vendor[2], “the most powerful, MS Word compatible document

editor that runs in all browsers”.

Likely all versions are affected however, it was not confirmed.

=====

Issue

=====

It was possible to change the configured system path for…

Read More

Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Remote Code Execution

Read Time:27 Second

Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More