Lucene search
+L

122 matches found

CVE
CVE
added 2017/05/01 7:0 p.m.57 views

CVE-2017-6565

The connected sources confirm a concrete vulnerability in Franklin Fueling Systems TS-550 evo firmware 2.3.0.7332. The issue allows the roleDiag user (credentials obtainable via CVE-2013-7247) to upload files to the server hosting the web service due to lack of input sanitization, enabling a mali...

8.8CVSS8.4AI score0.01035EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/05/01 7:0 p.m.22 views

CVE-2017-6565

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload...

8.6AI score0.01035EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/05/01 7:0 p.m.16 views

CVE-2017-6564

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...

6.4AI score0.00815EPSS
Exploits0References2
CVE
CVE
added 2017/05/01 7:0 p.m.56 views

CVE-2017-6564

The CVE-2017-6564 vulnerability affects Franklin Fueling Systems TS-550 evo version 2.3.0.7332. The Guest user (lowest privileges) can post to the idSourceFileName parameter under the /download directory, enabling download of sensitive system files such as databases. This is an information disclo...

6.5CVSS6.3AI score0.00815EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2017/05/01 12:0 a.m.5 views

PT-2017-17162 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo

Name of the Vulnerable Software and Affected Versions: Franklin Fueling Systems TS-550 evo version 2.3.0.7332 Description: The issue allows an attacker to upload malicious files to the server hosting the web service due to the lack of sanitization checks. This can be achieved by exploiting a...

8.8CVSS8.7AI score0.01035EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2017/05/01 12:0 a.m.8 views

PT-2017-17161 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo

Name of the Vulnerable Software and Affected Versions: Franklin Fueling Systems TS-550 evo version 2.3.0.7332 Description: The issue allows an attacker with the lowest privileges, as the Guest user, to download sensitive system files from the host machine. This is achieved by posting to the...

6.5CVSS6.3AI score0.00815EPSS
Exploits0References3
seebug.org
seebug.org
added 2016/07/25 12:0 a.m.38 views

Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability

Author: rungobier 知道创宇404安全实验室 概述 Apache Shiro 在 Java 的权限及安全验证框架中占用重要的一席之地,在它编号为550的 issue 中爆出严重的 Java 反序列化漏洞。下面,我们将模拟还原此漏洞的场景以及分析过程。 0x01 漏洞场景还原 首先,需要获取 Apache Shiro 存在漏洞的源代码,具体操作如下: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/03 12:0 a.m.36 views

Oracle BeeHive 2 - 'voice-servlet prepareAudioToPlay()' Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Oracle BeeHive 2 voice-servlet prepareAudioToPlay Arbitrary File Upload", 'Description' = %q This module exploits a vulnerability...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/13 12:0 a.m.49 views

Amazon Linux AMI : openssl (ALAS-2015-564)

During certificate verfification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

6.5CVSS6.6AI score0.61798EPSS
Exploits6References3
Amazon
Amazon
added 2015/07/09 12:0 a.m.43 views

Critical: openssl

Issue Overview: During certificate verfification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain chec...

6.5CVSS6.8AI score0.61798EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.233 views

Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)

LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This...

7.5CVSS7.4AI score0.9986EPSS
Exploits2References8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.60 views

Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 evo device Version affected:...

10CVSS8.7AI score0.04161EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Multitech RouteFinder 550 Remote Memory Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7067/info A vulnerability has been discovered in Multitech RouteFinder 550 VPN firmware release 4.63 and earlier. The problem occurs due to insufficient bounds checking of data supplied in HTTP GET requests. By passing...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/02/07 12:0 a.m.92 views

Franklin Fueling Systems TS-550 evo‘cgi-bin/tsaws.cgi’安全绕过漏洞

Bugtraq ID:64996 CVE ID: CVE-2013-7247 Franklin Fueling Systems TS-550 evo是美国富兰克林油系统(Franklin Fueling Systems)公司的一套燃油管理系统,它可通过储罐监控系统全面控制燃油管理,并提供彩色通知和详细标识说明的警报页面功能,迅速获得警报内容。 使用2.0.0.6833和2.3.1.7492版本固件的Franklin Fueling Systems TS-550...

5CVSS8.4AI score0.0263EPSS
Exploits8
seebug.org
seebug.org
added 2014/02/07 12:0 a.m.39 views

Franklin Fueling Systems TS-550 evo 'tsaws.cgi'安全绕过漏洞

Bugtraq ID:65041 CVE ID: CVE-2013-7248 Franklin Fueling Systems TS-550 evo是美国富兰克林油系统(Franklin Fueling Systems)公司的一套燃油管理系统,它可通过储罐监控系统全面控制燃油管理,并提供彩色通知和详细标识说明的警报页面功能,迅速获得警报内容。 使用2.0.0.6833和2.3.1.7492版本固件的Franklin Fueling Systems TS-550 evo中存在安全漏洞,该漏洞源于程序对roleDiag账户使用硬编码密码。远程攻击者可利用该获取root权限,可完全控制设备。 ...

10CVSS6.4AI score0.04161EPSS
Exploits8
NVD
NVD
added 2014/01/26 1:55 a.m.21 views

CVE-2013-7247

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information user names and password hashes via the cmdWebGetConfiguration action in a TSAREQUEST...

5CVSS8.5AI score0.0263EPSS
Exploits8References1
Prion
Prion
added 2014/01/26 1:55 a.m.16 views

Design/Logic Flaw

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information user names and password hashes via the cmdWebGetConfiguration action in a TSAREQUEST...

5CVSS6.9AI score0.0263EPSS
Exploits8References1Affected Software1
CVE
CVE
added 2014/01/26 1:0 a.m.68 views

CVE-2013-7248

The CVE-2013-7248 issue in Franklin Fueling Systems TS-550 evo affects firmware 2.0.0.6833 and earlier than 2.4.0, due to a hardcoded password for the roleDiag account that enables remote root access via cmdWebCheckRole in TSA_REQUEST. Trustwave SpiderLabs’ advisory TWSL2014-001 documents the roo...

10CVSS7.1AI score0.04161EPSS
Exploits8References1Affected Software2
Cvelist
Cvelist
added 2014/01/26 1:0 a.m.29 views

CVE-2013-7247

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information user names and password hashes via the cmdWebGetConfiguration action in a TSAREQUEST...

8.5AI score0.0263EPSS
Exploits8References1
Cvelist
Cvelist
added 2014/01/26 1:0 a.m.27 views

CVE-2013-7248

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSAREQUEST...

7AI score0.04161EPSS
Exploits8References1
Rows per page
Query Builder