Real Name | Gjoko Krstic |
---|---|
Email address | private |
First Active | 2007-07-26 |
Last Active | 2024-08-20 |
Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploiting clear-text transmission of sensitive data including session token in URL. Session ID predictability and randomness analysis of the variable areas of the Session ID was conducted and discovered a predictable pattern. The low entropy is generated by using four IVs comprised of username, password, ip address and hostname.
c8c912e59b9a37815a739a0d4d3f99c9a8dc498a0057fd0f61996c7efe006205
SOUND4 LinkAndShare Transmitter version 1.1.2 suffers from a format string memory leak and stack buffer overflow vulnerability because it fails to properly sanitize user supplied input when calling the getenv() function from MSVCR120.DLL resulting in a crash overflowing the memory stack and leaking sensitive information. The attacker can abuse the username environment variable to trigger and potentially execute code on the affected system.
08bed1643ca8fe7e52102e53c1b987d059eaa3806e683bad069e20c052d613ef
This paper goes over common components of broadcast systems, how hackers take advantage of them, and discusses some of the vulnerabilities discovered.
1467a96747d9321ba7a659e074789337bc6efc1d4621b6ec26b5fdf38e1ca678
Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.
01732a937c344613efd7c1ef744f546511c874deecd845ef0ca2d232baf0e177
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated factory reset vulnerability in restorefactory.cgi.
1a0c507a2c0f666f15e332c7934c5598e8049b69d4e09f06340c0fbb87d33517
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.
3c3c6d279fd591ebe7b26f14524ac53bdce85b020d4fd8b0674e18a3fd734b58
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a conditional command injection vulnerability in traceroute.php.
493fb94bb96a88e40abd33e5eccebbff52f80b0de903d6bad482c12681edc5d7
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username related unauthenticated command injection vulnerability.
2a1af0e2d214afa5a71f6409fc8b889a191a4e4d6f778f1364c588cf61c2226b
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a password related unauthenticated command injection vulnerability.
87e9bc33ec95ac9d66ff2caa9f5d4d61dc4d76eb1934816979fa04a477330ee1
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a services related authenticated command injection vulnerability.
eabf1351cb8311b07b8d38944e52c0f4bf4ac3fe1c2b689f78f5b11f2d93e684
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from an unauthenticated file disclosure vulnerability.
7704f2528e64a6579efda9376329311cb012f4d49f395092704e4f19b6d37559
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in ping.php.
ade832b5db9e3a83e1ab939037cf7ceb6613442fdf7944335ad9f3f638d97f84
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated radio stream disclosure vulnerability.
a313ea09e9877322d75ec4247416a055ed39d1c82bf035cde8f0bae23fb0995b
SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in dns.php.
29a3f77080209e96ce853753006ab37df305d0ac4c6d034a7504f2376215c2ba
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an information disclosure vulnerability.
008dfa5273043e47d602b15d8b45f577f0efeb0830579239c807aae59d59f1b3
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username persistent cross site scripting vulnerability.
379a2eb9b0acd18a7331a425186d83e32dc1d0d61a8581a459514c544f78c49e
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated directory traversal file write vulnerability.
ad43cb010a75d501644d98cc356e5a1773a27450473ecc223ae22abfadcf5f56
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a hardcoded credential vulnerability.
7dd7f164ff19a003d130c7f05a19965ba2b4b13c87933a6e3767ae2d3e587969
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allow an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilization of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.
81c669280d4737e923eb0b0a5259214bbdd51f21c8109143eeadbef36025d06c
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username SQL injection vulnerability that allows for authentication bypass.
ebd0817677a6a623ce0af3acaebf98d3a0395b2b1e5640dddf877c40914c1350
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a password SQL injection vulnerability that allows for authentication bypass.
570c92684bee96b2173b72286ae8616f4c83d4410e62a0cd97cfd31cc7c71510
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allows an unauthenticated attacker to disconnect the current monitoring user from listening/monitoring and takeover the radio stream on a specific channel.
51023384825dc840abd709ddec900a91de151bef787b63c5fbd8b007ce3c013d
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffers from an insufficient session expiration vulnerability.
ff2a1471eedafd1bd1327cc46f0166d284f2485f09142cda34a6ae43f1ffe502
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an authorization bypass due to an insecure direct object reference vulnerability.
ce9688c04a33c6f06d9e76e91a40f2fbf1a32abfe28f22584c0ab6856f158e6d
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a cross site request forgery vulnerability.
7ad82d8bc844cdfb8173406cc8e5fa3c2feccd6228cf610d090321bbbbac18b5