| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2017-08-28 |
NethServer version 7.3.1611 suffers from a cross site request forgery vulnerability that allows you to create a user and enable SSH access.
30902b438d0c118a9ace27dab197dbe2NethServer version 7.3.1611 suffers from a cross site request forgery script insertion vulnerability in Upload.json.
a9980262ca1346b7e14b6a1188a41a1dAutomated Logic WebCTRL version 6.5 suffers from an unrestricted file upload vulnerability that allows for remote code execution.
dfbd662ecb79e969664c3cfd3b845d91Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.
ba74d7e72b8d250b3eb5121245e82a5fAutomated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.
bfe85c9a0561b977ce1f85fffe2a9011DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
f45967f142034d6fe2d841c45f04a738DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from multiple remote file disclosure vulnerabilities.
c761202bc8de7da35dd69a0a76f5a0e4DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a server-side request forgery vulnerability.
e4cf92df4fabe47cdccf21a808417f2fDALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a user enumeration weakness vulnerability.
88880ef2ce8b63e81ebfb59d4e065708Dasan Networks GPON ONT WiFi Router H64X Series suffers from a system configuration download vulnerability.
32c6926d4b55f78a96e9330f3313ccb5Dasan Networks GPON ONT WiFi Router H64X Series suffers from a privilege escalation vulnerability.
870b4516ab12344f5a3e0b816499e21aDasan Networks GPON ONT WiFi Router H64X Series suffers from a cross site request forgery vulnerability.
f8789c203d45686a1478547c8f7ef85bDasan Networks GPON ONT WiFi Router H64X Series does not properly perform authentication and authorization, allowing it to be bypassed through cookie manipulation. Setting the Cookie 'Grant' with value 1 (user) or 2 (admin) will bypass security controls in place enabling the attacker to take full control of the device management interface.
2ac46a8fae0efacc57a1d3723fb041ccSchneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking.
29d6a13171a92249a789a85e02531e9ePelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
dfa0df3c855819b71c9869725eccb056Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.
2fe804940583feed8e2672643c87628dPelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
f60def224c0da5db858f33bf6eef0e47Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
7cab066459f46bedf6175289966aec2ePelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
7f8219b6e322e2f71ec72c2c608d1040SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.
cc6ee041f9ef0acdd8e3fb8dbdcb6dfbEnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.
6051f5e6ab0341318d0a8979089a82beOV3 Online Administration version 3.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
b45182a216390d5400da665f979cc9adOV3 Online Administration version 3.0 suffers from an authenticated remote code execution vulnerability.
4836439cfaece2fea647cf5c5b5bc314OV3 Online Administration version 3.0 suffers from a traversal vulnerability that allows for arbitrary file access.
d59ba0c9c85323843417e3b44d2fa62bCERIO 11nbg 2.4Ghz high power wireless router (pekcmd) has multiple backdoor accounts that yield rootshells.
624f0bc5afb62a9c9c86abe9e5434ea1
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed