Real Name | Gjoko Krstic |
---|---|
Email address | private |
First Active | 2007-07-26 |
Last Active | 2024-08-20 |
Sielco PolyEco Digital FM Transmitter version 2.0.6 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.
4b06b64589263878904bbae281d9bc23f194bb5f895a3a50d9058978920f6a0e
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
8f1daeafa0b883f3bc1384e9d0ca0360450ece2b79076365d95798b698667cd0
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.
1779dd48b3ba2fb604c2b3fe1410c7bc803e1f964aaa62ab3b478868956ced70
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.
267418fd80ab371b230bbaa9fdec8767c24efde298174b16aca5925e335bcb57
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a radio data system POST manipulation vulnerability.
e4b2d7df23ae1d7324dc922c11ba13e061cf42b3b6e86c38b42666eb035ea0d7
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authorization bypass vulnerability.
914581db2916f5747f0db33acd0f545ea153e562c456cbc46171baf8c4bada5d
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authentication bypass vulnerability.
04fe7d8ff6572fa3612a369b0c0a33163c016a620b5ff6ab9e58d326db1f5cf8
Sielco Radio Link version 2.06 suffers from a remote privilege escalation vulnerability.
0c75a354919091616a5f5737e0902174ba1e520eeba17f8046eaaf7514082d82
Sielco Radio Link version 2.06 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.
f9373f954a93947453ded81dc6daa3fec0b14580a358bf7dd553b39b0a3ac6e3
Sielco Radio Link version 2.06 suffers from a cross site request forgery vulnerability.
c17546acff364d10c1872ec359f38d4d53aa3ec8bfa731bb52efa125a19521ce
Sielco Radio Link version 2.06 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
b3c859a3990332816faa05fab3d576d807b312c06709f5259ba34906edcbc66e
Sielco Analog FM Transmitter version 2.12 suffers from a remote privilege escalation vulnerability.
f9e8dacd33d3784c7f722d94e8a2f150689a024754736b4c0454360058ce7c17
Sielco Analog FM Transmitter version 2.12 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.
d26af0548c227a54b41c51e35c1c6513352b0b18304e8cf89730a7260c3ad51d
Sielco Analog FM Transmitter version 2.12 suffers from a cross site request forgery vulnerability.
c1c1c47865eb0e698992e725937498a55c55a78c7bf94b4e53ab2fcb7e6d18b5
Sielco Analog FM Transmitter version 2.12 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
96ea285153f1385d9929ef190734969d4bc702d1d9aa0eea1a04870c880ae84a
Google Chrome Browser version 111.0.5563.64 suffers from an AXPlatformNodeCocoa fatal out-of-memory denial of service vulnerability on macOS.
0f11dee0a3ee89decd4ede4b99ca33ca5b7ef40ffe08c8c8a668fe309ac5f950
Osprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit.
e3aa8cf09a10153c22c1fea563f19e0486760740b752b12095b5ec99f655864f
Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.
3ff94000035eb0e3d7750af6a36a24cd3f59ddd0bf32adc49eed8270dae8c139
Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.
f96ac6802073d61b8a8224120fbbc475b78857a672615467fe07f5419f23785a
Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.
c1bf05288bbed246cc644a8fdb368c0546ebbfbb0723ec8709bda8abbafeddfd
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
db0ca77f3b6262f047a41f704f1fbcabf469fa7d9140d8fddf64e48fc5dc7ab1
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
36296eda1780ae0ac70f0164496b08fb374f20a8169546a905c771704b399ab9
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
54e985965675a39585d65ec988986982607117a47b0151caf9326c6cb4e834f8
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the device. The backdoor lies in the /home/pi/Mirage/Mirage_ValidateSessionCode.x ELF binary.
20dd59fb8eec86241f48a70c218c680f5b2d35a35df76e3261cbee08ab36c4c7
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability.
65257df0315232e3ca32b7770b12524374ecdcb6a15f818ee9379654da62abe3