Siemens Patches Major PLC Flaw that Bypasses Its ‘Sandbox’ Protection

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-30461
PUBLISHED: 2021-05-29

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

PUBLISHED: 2021-05-29

Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting multiple times for DoS.

PUBLISHED: 2021-05-29

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.

PUBLISHED: 2021-05-29

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandl…

PUBLISHED: 2021-05-28

### Impact

Due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (``) rather than the configured remote endpoint. An att…