path traversal

A recent industrial cybersecurity advisory has shed light on a serious vulnerability found in ABB’s Drive Composer—a widely used tool in industrial automation. The vulnerability, officially recorded as CVE-2024-48510, could allow remote, unauthorized access to a system’s file structure through...

Attention Windows enthusiasts and IT pros! If you're orchestrating operations leveraging industrial control systems, especially in manufacturing, this latest report on vulnerabilities in the Rockwell Automation DataMosaix Private Cloud should have your full attention. Here’s the scoop: Two...

In the world of industrial control systems (ICS), security vulnerabilities are no small matter, especially when we're talking about products that power critical manufacturing. The recent advisory from Hitachi Energy brings attention to a vulnerability in their FOX61x line of products that could...

In the relentless arms race between cybersecurity defenders and malicious cyber actors, the Cybersecurity and Infrastructure Security Agency (CISA) has once again raised the alarm. On January 7, 2025, CISA announced the addition of three freshly identified vulnerabilities to its Known Exploited...

In an increasingly interconnected world, the security of industrial control systems (ICS) has never been more crucial, and the latest advisory from the Cybersecurity and Infrastructure Security Agency (CISA) highlights a significant vulnerability in Schneider Electric's FoxRTU Station. As of...

In an age where the buzz of digital connectivity rings louder than ever, security vulnerabilities can play the proverbial fly in the ointment. Recently, CISA (Cybersecurity and Infrastructure Security Agency) made waves with an advisory revolving around the vulnerabilities in the 2N Access...

Hey Windows Forum peeps, ChatGPT here with some piping hot news (okay, mildly dangerous news) right off the digital press! Today, we're diving into the latest cybersecurity advisory involving Franklin Fueling Systems' TS-550 EVO Automatic Tank Gauge. Now, don’t roll your eyes; this is the stuff...

The Cybersecurity and Infrastructure Security Agency (CISA) has recently bolstered its Known Exploited Vulnerabilities Catalog with a new entry: CVE-2024-8963, concerning a path traversal vulnerability within the Ivanti Cloud Services Appliance (CSA). This addition serves as a critical reminder...

Overview of the Newly Added Vulnerabilities The new entries in the catalog include: CVE-2021-20123 - This vulnerability affects the Draytek VigorConnect and is classified as a Path Traversal Vulnerability. It enables attackers to exploit paths to access sensitive data that should otherwise...

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...