Sielco PolyEco Digital FM Transmitter version 2.0.6 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system.
4b06b64589263878904bbae281d9bc23f194bb5f895a3a50d9058978920f6a0eUbuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
a9c225928b1c28bf90c101180a361e5db4576ba6b23acb6d2f68a5da43566cebSielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
8f1daeafa0b883f3bc1384e9d0ca0360450ece2b79076365d95798b698667cd0Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.
240de720e001bf838375281c8974f3f4db8855a03923fc43cfd177237fada857Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities that can be triggered by directly calling the user object and modifying the password of the two constants user/role (user/admin). This can be exploited by an unauthenticated adversary by issuing a single POST request to the vulnerable endpoint and gain unauthorized access to the affected device with administrative privileges.
1779dd48b3ba2fb604c2b3fe1410c7bc803e1f964aaa62ab3b478868956ced70Ubuntu Security Notice 6011-1 - It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed quotes. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed brackets. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service.
779aeab8a0e6e185281188748833317d5be747f25316532e4e271da16208b410Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.
267418fd80ab371b230bbaa9fdec8767c24efde298174b16aca5925e335bcb57Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.
f5fdb00ee615b9b2fbc00838a17e11fc10b0748dec647bfe139f3c9248ea106eSielco PolyEco Digital FM Transmitter version 2.0.6 suffers from a radio data system POST manipulation vulnerability.
e4b2d7df23ae1d7324dc922c11ba13e061cf42b3b6e86c38b42666eb035ea0d7Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authorization bypass vulnerability.
914581db2916f5747f0db33acd0f545ea153e562c456cbc46171baf8c4bada5dUbuntu Security Notice 6010-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks.
c07c9ccfa752f289448bcd7602852f783c5740abe4afaefdadd3ef002834324bThis Metasploit module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service typically runs as root. It accepts a username of ":local:" and a password in the form of "<username>:<uid>:<gid>", where username and uid must be a valid account, but gid can be anything except 0. This exploit takes advantage of this login account to authenticate as a chosen user and run an arbitrary command (using the built-in OsCommand message).
a072b9a39317b3843159b4f19550be453c524b06398e48145609bb5afa1a4475This Metasploit module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server, which runs as root. This vulnerability affects UniData versions 8.2.4 build 3003 and earlier (for Linux), but this module specifically targets UniData version 8.2.4 build 3001. Other versions will crash the forked process, but will not otherwise affect the RPC server. The username and password fields are copied to a stack-based buffer using a function that's equivalent to strcpy() (ie, has no bounds checking). Additionally, the password field is encoded in such a way that we can include NUL bytes.
573fc6e16c91d795c9424c33a9909a1277e50ad02e08eb5886ceb1a2e2610251Red Hat Security Advisory 2023-1744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.
b516e9f562da009ac786a0543e0d7eebc70acfd4e3c5df43a3267c02f234c887Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.
48bd4394b42ef169e2f3ba2b84e34d023eb13eadddd77b237b4659256714e6b3Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an authentication bypass vulnerability.
04fe7d8ff6572fa3612a369b0c0a33163c016a620b5ff6ab9e58d326db1f5cf8Sielco Radio Link version 2.06 suffers from a remote privilege escalation vulnerability.
0c75a354919091616a5f5737e0902174ba1e520eeba17f8046eaaf7514082d82Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
c0b211c61f5b1935e346647b65b123e0fa7907ee7a3ed75a15991b0a9fd45bb6Sielco Radio Link version 2.06 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.
f9373f954a93947453ded81dc6daa3fec0b14580a358bf7dd553b39b0a3ac6e3Sielco Radio Link version 2.06 suffers from a cross site request forgery vulnerability.
c17546acff364d10c1872ec359f38d4d53aa3ec8bfa731bb52efa125a19521ceUbuntu Security Notice 6009-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
fae0436a7a71ef1f1c9e2b9c7be382f428603ebb16892ffc834fe96514e4351eSielco Radio Link version 2.06 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.
b3c859a3990332816faa05fab3d576d807b312c06709f5259ba34906edcbc66eRed Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
c0eb66100eff33a05cc9e2d9a75d565b68109c88876cfb85737526650fe5d7c1Sielco Analog FM Transmitter version 2.12 suffers from a remote privilege escalation vulnerability.
f9e8dacd33d3784c7f722d94e8a2f150689a024754736b4c0454360058ce7c17Sielco Analog FM Transmitter version 2.12 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.
d26af0548c227a54b41c51e35c1c6513352b0b18304e8cf89730a7260c3ad51d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed