Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation vulnerability.
bdf5f12114d9810353407e9bf2aa69dff68a900d64bc056a6fe658b1f27ea756
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.
3838fc4275908e3ac8ebdd5bb1370b4c99bea63e3815ed1f4143cadf66d17b91
An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges. Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, e.g. via "debug", "upgrade", "upload" etc. commands in the CLI. Attackers can gain access to sensitive configuration data such as VoIP credentials or other information and manipulate any settings of the device. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.
90ac2bef39fc223d39c55dd25d8c1c7649eef240a5d176c34c393459939c1b5d
Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries within the first layer of the web GUI. Further layers/paths (sub menus) could not be accessed during testing, but further exploitation can't be ruled out entirely. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.
224fe403284f3f8aa1fc76600cf0efb9753737797fe2fc4605009e3ffb114dc8
ADB broadband gateways and routers suffer from a local root jailbreak vulnerability via a network file sharing flaw. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.
7dce607bd3e5e3f6e26587a92d82df41533ac622acb4e023f4d607f0a8326860
Loxone Smart Home versions prior to firmware 6.4.5.12 suffer from flaws including denial of service, cross site scripting, credential theft, header injection, and control of arbitrary devices.
ab5062f89708dd98a37da8e485f31600d093f6ecd77a9ddf38203d4670fb5690
Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.
d2c2d58cc183daa4264d0d86fbef93c03c64a2d566cceec9002e366fbba704dd
Readsoft Invoice Processing version 5.6 and Process Director version 7.2 suffer from cross site scripting and design vulnerabilities.
58bf606761fd0cbf2446293ded7d4bf6daba9b1265483f987c814d44bf97c023
Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.
e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d
NICE Recording eXpress versions 6.0.x, 6.1.x, 6.2.x, 6.3.x, and 6.5.x suffer from cross site scripting, root backdoor, unauthenticated access, fail authorization, insecure cookie handling, and remote SQL injection vulnerabilities.
bdb30edda34d4ff17e66fa273b232b2211afee38439c1a357eb28084a440f5d2
Huawei E5331 MiFi mobile hotspot version 21.344.11.00.414 suffers from unauthenticated access and setting manipulation vulnerabilities.
cf66e5b0d1f8f702cc5cfd945ea173dc22ced7f2673c50573c15dd2f91677a87
T-Mobile HOME NET Router LTE / Huawei B593u-12 version V100R001C54SP063 suffers from cross site request forgery, information disclosure, command injection, and directory traversal vulnerabilities.
5ecc71b535700461b5eb90e9396b789a771cb54638c84b968532e6e4e659d99e
Grouplink Everything HelpDesk versions 10.0.3 and below suffer from cross site scripting and password reset vulnerabilities.
0e11f563d1566704eb5a0ee34b573581a9cbbfbbc50c6d757da046e0bdf19595
This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in monarch_scan.cgi, where user controlled input is used in the Perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.
4f033af844cdd623331a0bd422e02eb8ac32fdbef2908dd0e003506fe068e0b1
GroundWork Monitor Enterprise version 6.7.0 suffers from remote SQL injection, file disclosure, command injection, and cross site scripting vulnerabilities. This is the second of two advisories documenting all the issues in GroundWork. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.
dee12f394845970be25c5bec4cdb8f4b96ef27fcdb45f2b56195fa023bcfd2a5
GroundWork Monitor Enterprise version 6.7.0 suffers from insufficient authentication, file disclosure, file modification, cross site scripting, XML external entity injection, command injection, and various other vulnerabilities. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.
96c7a6d3d01751ea9ff17e2fa08b0d6e1ef1b0d0d735f08fb7964d7f9ea4c83e
VOXTRONIC Voxlog Professional versions 3.7.2.729 and below suffer from file disclosure, remote code execution, and remote SQL injection vulnerabilities.
1b7e866efc987b1e820a90007bf6bda712524774261dd6c1229b6080fec76cc1
The SecCommerce SecSigner Java applet version 3.5.0 suffers from a client-side remote arbitrary file upload vulnerability.
5c2fa4abe1884f3a0b572d67e36f2d26b087f7cd52d35a19c40e81c656d3dd40
Check Point SSL VPN On-Demand applications suffer from remote file upload and command execution vulnerabilities.
16fc1a812d8e49f019aec198ac5b1f6339e0854addc6171fa54586f34e1a1259
Sawmill Enterprise versions prior to 8.1.7.3 suffer from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.
2bd10f0a3d3cc78cbdd70e360341145cdcc41d59f78c199e223b197ec74303a1
SEC Consult Security Advisory 20090901-0 - A file disclosure vulnerability exists in JSFTemplating, Mojarra Scales, and GlassFish Application Server v3 Admin console.
997ef8e7a5352750004cfe364dea689341b943cbe725378661952f230c85209d
SEC Consult Security Advisory 20090429-0 - LevelOne AMG-2000 Wireless AP Management Gateway suffers from proxy bypass and plain text vulnerabilities.
21fedd3d58a60ec4be0f1b3d390a6efc6e4b55fd06209cf789610813125e1daf
Wireless LAN Attacks - What you need to know or a simple guide to WEP/WPA-PSK cracking. Written in German.
fc0140409550bde9a1cac6afb2f4ba716dca7bfe4e2a1793339b8e8e88392400
SEC Consult Security Advisory - SEC Consult has discovered an arbitrary code execution flaw in Joomla! version 1.5 beta 2.
27257772ee84bdb082f3c8d0b36b605e8ca0215067cd5b2505a0b873391955c4
SEC Consult Security Advisory 20070509-0 - The Nokia Intellisync Mobile Suite is susceptible to cross site scripting, source code disclosure, and denial of service vulnerabilities. Details provided. Versions known vulnerable include 6.4.31.2, 6.6.0.107, and 6.6.2.2.
51a25ba5752d84a5e2041a75ccb577608b5f1dc5ff208d33097a57a267d97907