what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 3 of 3

Files Date: 2019-04-27

Sierra Wireless AirLink ES450 ACEManager Information Exposure

Posted Apr 27, 2019

Authored by Cisco Talos, Carl Hurd | Site talosintelligence.com

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.

tags | exploit, web, info disclosure

advisories | CVE-2018-4069

MD5 | c154279339a8d9182105df73e74d6552

Download | Favorite | View

Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure

Posted Apr 27, 2019

Authored by Cisco Talos, Jared Rittle, Carl Hurd | Site talosintelligence.com

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

tags | exploit, web, cgi, info disclosure

advisories | CVE-2018-4067

MD5 | 49c6b8453e708ea1875261fc0fb7e6b4

Download | Favorite | View

Joomla ARI Quiz 3.7.4 SQL Injection

Posted Apr 27, 2019

Authored by Mr Winst0n

Joomla ARI Quiz version 3.7.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

MD5 | b5209ba22cb982bd3e147963caaee250

Download | Favorite | View