122 matches found
CVE-2017-6565
The connected sources confirm a concrete vulnerability in Franklin Fueling Systems TS-550 evo firmware 2.3.0.7332. The issue allows the roleDiag user (credentials obtainable via CVE-2013-7247) to upload files to the server hosting the web service due to lack of input sanitization, enabling a mali...
CVE-2017-6565
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload...
CVE-2017-6564
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...
CVE-2017-6564
The CVE-2017-6564 vulnerability affects Franklin Fueling Systems TS-550 evo version 2.3.0.7332. The Guest user (lowest privileges) can post to the idSourceFileName parameter under the /download directory, enabling download of sensitive system files such as databases. This is an information disclo...
PT-2017-17162 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo
Name of the Vulnerable Software and Affected Versions: Franklin Fueling Systems TS-550 evo version 2.3.0.7332 Description: The issue allows an attacker to upload malicious files to the server hosting the web service due to the lack of sanitization checks. This can be achieved by exploiting a...
PT-2017-17161 · Franklin Fueling Systems · Franklin Fueling Systems Ts-550 Evo
Name of the Vulnerable Software and Affected Versions: Franklin Fueling Systems TS-550 evo version 2.3.0.7332 Description: The issue allows an attacker with the lowest privileges, as the Guest user, to download sensitive system files from the host machine. This is achieved by posting to the...
Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability
Author: rungobier 知道创宇404安全实验室 概述 Apache Shiro 在 Java 的权限及安全验证框架中占用重要的一席之地,在它编号为550的 issue 中爆出严重的 Java 反序列化漏洞。下面,我们将模拟还原此漏洞的场景以及分析过程。 0x01 漏洞场景还原 首先,需要获取 Apache Shiro 存在漏洞的源代码,具体操作如下: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...
Oracle BeeHive 2 - 'voice-servlet prepareAudioToPlay()' Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Oracle BeeHive 2 voice-servlet prepareAudioToPlay Arbitrary File Upload", 'Description' = %q This module exploits a vulnerability...
Amazon Linux AMI : openssl (ALAS-2015-564)
During certificate verfification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...
Critical: openssl
Issue Overview: During certificate verfification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain chec...
Amazon Linux AMI : openssl (ALAS-2015-550) (Logjam)
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This...
Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities
No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2014-001: Multiple Vulnerabilities in Franklin Fueling's TS-550 evo Published: 01/03/2014 Version: 1.0 Vendor: Franklin Fueling Systems http://www.franklinfueling.com/ Product: TS-550 evo device Version affected:...
Multitech RouteFinder 550 Remote Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7067/info A vulnerability has been discovered in Multitech RouteFinder 550 VPN firmware release 4.63 and earlier. The problem occurs due to insufficient bounds checking of data supplied in HTTP GET requests. By passing...
Franklin Fueling Systems TS-550 evo‘cgi-bin/tsaws.cgi’安全绕过漏洞
Bugtraq ID:64996 CVE ID: CVE-2013-7247 Franklin Fueling Systems TS-550 evo是美国富兰克林油系统(Franklin Fueling Systems)公司的一套燃油管理系统,它可通过储罐监控系统全面控制燃油管理,并提供彩色通知和详细标识说明的警报页面功能,迅速获得警报内容。 使用2.0.0.6833和2.3.1.7492版本固件的Franklin Fueling Systems TS-550...
Franklin Fueling Systems TS-550 evo 'tsaws.cgi'安全绕过漏洞
Bugtraq ID:65041 CVE ID: CVE-2013-7248 Franklin Fueling Systems TS-550 evo是美国富兰克林油系统(Franklin Fueling Systems)公司的一套燃油管理系统,它可通过储罐监控系统全面控制燃油管理,并提供彩色通知和详细标识说明的警报页面功能,迅速获得警报内容。 使用2.0.0.6833和2.3.1.7492版本固件的Franklin Fueling Systems TS-550 evo中存在安全漏洞,该漏洞源于程序对roleDiag账户使用硬编码密码。远程攻击者可利用该获取root权限,可完全控制设备。 ...
CVE-2013-7247
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information user names and password hashes via the cmdWebGetConfiguration action in a TSAREQUEST...
Design/Logic Flaw
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information user names and password hashes via the cmdWebGetConfiguration action in a TSAREQUEST...
CVE-2013-7248
The CVE-2013-7248 issue in Franklin Fueling Systems TS-550 evo affects firmware 2.0.0.6833 and earlier than 2.4.0, due to a hardcoded password for the roleDiag account that enables remote root access via cmdWebCheckRole in TSA_REQUEST. Trustwave SpiderLabs’ advisory TWSL2014-001 documents the roo...
CVE-2013-7247
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information user names and password hashes via the cmdWebGetConfiguration action in a TSAREQUEST...
CVE-2013-7248
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSAREQUEST...