This Metasploit module exploits an information disclosure vulnerability in Cisco PVC2300 cameras in order to download the configuration file containing the admin credentials for the web interface. The module first performs a basic check to see if the target is likely a Cisco PVC2300. If so, the module attempts to obtain a session ID via an HTTP GET request to the vulnerable /oamp/System.xml endpoint using hardcoded credentials. If a session ID is obtained, the module uses it in another HTTP GET request to /oamp/System.xml with the aim of downloading the configuration file. The configuration file, if obtained, is then decoded and saved to the loot directory. Finally, the module attempts to extract the admin credentials for the web interface from the decoded configuration file. No known solution was made available for this vulnerability and no CVE has been published. It is therefore likely that most (if not all) Cisco PVC2300 cameras are affected. This Metasploit module was successfully tested against several Cisco PVC2300 cameras.
21cb8f8a454867d17b74411c47b6b13454df373ea0d835da3d2329b96d222a9c
This Metasploit module exploits an information disclosure in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all the users, including their password hashes. In order to authenticate, the user can provide their own credentials. The default users installed with Apache Rave 0.20 will also be tried automatically. This Metasploit module has been successfully tested on Apache Rave 0.20.
0ee081ebc210103428fee49812e36eeb28870ee37c407fc90e4ae247b331e1bf
Debian Linux Security Advisory 5761-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
b688330f4468b4808fd77edb3135ca2d428c6005bd049af00064e8aeef66f188
Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
b36cd7bc93a9e6a4f0b3bb03a7b90689eecbec97b3839ed420816280b821c7b1
Bang Resto version 1.0 suffers from an information disclosure vulnerability.
830c31d95b7f59f003c211243b33e2126b35344e02f89fef93aa5788666eaf2a
Ubuntu Security Notice 6959-1 - It was discovered that .NET suffered from an information disclosure vulnerability. An attacker could potentially use this issue to read targeted email messages.
0aaff00746e0a905480253c3bcc728acece90316aa7ecacac8629d61a199fd98
Debian Linux Security Advisory 5741-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
8dee3da3b07efa6be058ffcae9199b23d1616a0b89cbd3f0e156b17215c83d6e
Debian Linux Security Advisory 5738-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.
813d265dc739824c4ab6e69f47a1f908b3c5100ef0d4a956995fb6a17a51c84c
Debian Linux Security Advisory 5736-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.
957d1e7febf0e6ffc2970d2843195a0864cd1906e9b17bd7a94d8dc578a923fa
This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease, a product of Horizon Business Services Inc. These vulnerabilities have significant implications for the confidentiality, integrity, and availability of the software and the sensitive data it handles. The issues include problems like remote SQL injection, command injection, authentication bypass, hard-coded credentials, and more.
922dd24931dfc780dbe72f5070222b4450361d9b42c8b9a975582549453b4573
Debian Linux Security Advisory 5735-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
e94d095795272c99417722eadeff327261063340ffbc4e8f2255b1e625e40418
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.
b42befc858b86f3d8819791d933601caf73d18c43fef25ac1bf48bd2f453056c
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device.
d84a795e3b93f14712bdb170fd5d7cfa43e17cb9853b135d7ed7e9323fa39ce3
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to.
c1840a21faea62a36c6bc7e40c57e0e5b17eba2135cb46888a2b4014361ad916
An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.
21d88cd70375a513ca358325971700e907cca09906e21a62eda4bd9a20252236
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device.
0565814322a8c520d48233f4208f575674bdcaee0dd5d4f8a76504f93a015dd4
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a backup file is created through the web interface, information on all users, including passwords, can be found in cleartext in the backup file. An attacker capable of accessing the web interface can create the backup file.
72a75bc908066ff805bf1c11389d4cbededbfda26a83fc3356cb5a8e513b7675
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to.
f549ef3c39fe38d7059dc9eac35c3af42528503ec1e98721a75f5dc9da7da20f
An issue was discovered in WiZ Colors A60 1.14.0. Applications use general logs to reflect all kinds of information to the terminal. The WiZ application also uses logs; however, instead of only generic information, API credentials are also written to the Android log. The logged information can be used to perform authorized requests on behalf of the user, and therefore to control the lights just as the user can with the application. Obtaining the information requires access to the device logs. This can most easily be done via local access, and also by other apps on rooted devices.
6492b2c8cbbe7c07a81425d4126782dccb464f0c1bd39f043a2040c848da6ea8
AMPLE BILLS version 1.0 appears to suffer from an administrative page disclosure issue.
075664283ea2c622f78ab5765188a914420ae491df36dc028ae8cbe0d7af7a77
PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.
567512dc29f3191d46966af5a6dd1339474aa567f65e1c6564dccda43acadad3
Debian Linux Security Advisory 5732-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
ba84e05a4e793af50e4bc61477d6411ed2ca8af40ee288a51b55587888d2ff97
Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
b5b11c86d2db811480610e8bc947b766a72e512e4421fd27ff4ece52e3fd3a96
Debian Linux Security Advisory 5716-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
c62d6a8690b7d7a9cda4fa67811a45a88793b027295217474d757bb13d189d7c
Debian Linux Security Advisory 5710-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
a94c3400d965474f472a6470d2cc5de01f3d9ff6f801375e77f029d1246035ca