Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
1f4ca9c99499e4b0297302a26037d992679a7eb1d2c0d0b3b0698bafec7a14ccElber Wayber Analog/Digital Audio STL version 4.00 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.suffers from a bypass vulnerability.
a8be311ea8bd5716cfaf9d9ff03921fd4ed851241b2631c9ed01cc72407d6cd5Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
732e89c4d7c762b1e07463f187d3f8108448d799f0b2758484573c4b30793c25Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
83741fb5f4f7b681078f0f0aabdad5e51a82d40ac4c86d1cf8609032649927cbElber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
67d45ea700951600af178d1f85ea7278844c202822bf7c0658dfaf91b222e908Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
c2417b5039d600504ceb0e6c879a84ed9fa871b7b6f5e5cc38ae49fcdd200170Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
77061cc166718763551c4d6d463e2cbc76a772e04ed4a0acfdf893965b4476cbElber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
055664930200e432744c2fe93d040213de69b2cc7bd67a68df70afa259bd9b24Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
a259836c2010557736c6c674d0ca15f441385152927583f06374e38fb067306fElber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
9ceffe5b49bd3badfd5ead7c79b69103e029d8dd57cc256606f884dc51678833Relate learning and teaching system versions prior to 2024.1 suffer from a persistent cross site scripting vulnerability.
3a5eecac3aca18d20a7a031bd440baad2966d7f4f2e4228a13dd171b4d91f376Palo Alto OS was recently hit by a command injection zero day attack. These are exploitation details related to the zero day.
d03a8781f559271cf9b0357b2f4175728dea72a07e8c80018aea6ad57dd5005cThis is a scanning script to validate vulnerable Palo Alto OS systems for the recent zero day command injection vulnerability.
598a7a82abf19bafc0d92036ceedf6035be85e2bd71ac504bb9370863336dd2bpgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target application. This exploit supports two techniques by which the payload can be loaded, depending on whether or not credentials are specified. If valid credentials are provided, Metasploit will login to pgAdmin and upload a payload object using pgAdmin's file management plugin. Once uploaded, this payload is executed via the path traversal before being deleted using the file management plugin. This technique works for both Linux and Windows targets. If no credentials are provided, Metasploit will start an SMB server and attempt to trigger loading the payload via a UNC path. This technique only works for Windows targets. For Windows 10 v1709 (Redstone 3) and later, it also requires that insecure outbound guest access be enabled. Tested on pgAdmin 8.3 on Linux, 7.7 on Linux, 7.0 on Linux, and 8.3 on Windows. The file management plugin underwent changes in the 6.x versions and therefore, pgAdmin versions below 7.0 cannot utilize the authenticated technique whereby a payload is uploaded.
841d670fe90193388942d1169f9624f5fb5ef8dcf21530ef2dc60444dccc5377Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
32edf47bda897a0471a7ffbf6db742832e71820e9d55f2a6b95b5e7a897a6cc8The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate permissions can read the password. This behavior also increases the risk that database passwords will be intercepted by an attacker during transmission in the server response. Many types of vulnerabilities, such as broken access controls, cross site scripting and weaknesses in session handling, could enable an attacker to leverage this behavior to retrieve the passwords.
70e6691798348933f72079d525b978bc0517e5c1f2d9ac8b96813c23d1234685This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.
fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5aGLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.
0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9cWordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
44b6783873b84d60c9427dd76b9a98383fd7f993964765bebb0b876b91c1bedaBMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.
3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cdKruxton version 1.0 suffers from a remote shell upload vulnerability.
eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.
18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897bAMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.
d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed