| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2024-08-20 |
Akuvox Smart Intercom/Doorphone suffers from an unauthenticated live stream disclosure when requesting video.cgi endpoint on port 8080. Many versions are affected.
b9109fbd6b81561f43a64e422162fa5e99ed650e66b857057e94fc3b868986d0Deep Sea Electronics DSE855 is vulnerable to configuration disclosure when direct object reference is made to the Backup.bin file using an HTTP GET request. This will enable an attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, and full system access.
1d64431803bd77f94436581379685f0abf2c49f8bdfd5eec2c904d237a7b2ac3Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords. This can lead to unauthorized access and control over the aquarium controller, compromising its security and potentially allowing attackers to manipulate its settings.
156dd012b72f45fad1f98bb1e1e9d6db89c8dfc2181bfdb205566cd6e184f365Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
1f4ca9c99499e4b0297302a26037d992679a7eb1d2c0d0b3b0698bafec7a14ccElber Wayber Analog/Digital Audio STL version 4.00 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.suffers from a bypass vulnerability.
a8be311ea8bd5716cfaf9d9ff03921fd4ed851241b2631c9ed01cc72407d6cd5Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
732e89c4d7c762b1e07463f187d3f8108448d799f0b2758484573c4b30793c25Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
83741fb5f4f7b681078f0f0aabdad5e51a82d40ac4c86d1cf8609032649927cbElber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
67d45ea700951600af178d1f85ea7278844c202822bf7c0658dfaf91b222e908Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
c2417b5039d600504ceb0e6c879a84ed9fa871b7b6f5e5cc38ae49fcdd200170Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
77061cc166718763551c4d6d463e2cbc76a772e04ed4a0acfdf893965b4476cbElber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
055664930200e432744c2fe93d040213de69b2cc7bd67a68df70afa259bd9b24Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
a259836c2010557736c6c674d0ca15f441385152927583f06374e38fb067306fElber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.
9ceffe5b49bd3badfd5ead7c79b69103e029d8dd57cc256606f884dc51678833The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.
e8bf7735882d4c05983b6e675cc30c123bd15be6138cd6e0ef2ac21890428dedTosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
7820f9f7d9af81913956c26707d4acc215ad499c129864227adf8ac1f2345e47TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.
1a66ae97399735bad2659eadafe4e686cf03efee1ac0274553f2b7dbf758023dTELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.
83533dbc84d20eb18eca133e9837ec480db912786b98b95f7685d6c1337c524cTELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.
4ca01a27bd0ca6409f7d71dc7c9c036577b1fa85f80f0723476544a5ed69de48TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.
46341d10fda6afba8c75a394bb4b32d1f7ec8fe113f6eab57560a1e8d79ab38aR Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.
957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54dThe Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access. Firmware versions 2.01 and below are affected.
3449aff141402f4665fd423173623d011160d26c4468883c56ce200716f8753aTEM Opera Plus FM Family Transmitter version 35.45 suffers from a cross site request forgery vulnerability.
a52528a06358c03567dd7250e46dc164be44ddfb510fb4bf6804baef2e55864dTEM Opera Plus FM Family Transmitter version 35.45 suffers from a remote code execution vulnerability.
7ade5447ba45d88833961d63cfdb8a3c4c9ce12a9bb50b6bc86aa17b24bdd65cVIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations.
410445f3600c298991dca858be19f7b5d39aabcc622dfaeb5831c84c9962918bElectrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
ac5f10b56496b87847c741037481ca75bcd2e582224891a5fdf49e523b421ad3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed