1895 matches found
Battelle V2I Hub Security Restriction Bypass Vulnerability
The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A security restriction bypass vulnerability exists in Battelle V2I H...
Battelle V2I Hub Information Disclosure Vulnerability
The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. An information disclosure vulnerability exists in Battelle V2I Hub...
CVE-2018-1000627
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...
CVE-2018-1000626
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...
CVE-2018-1000627
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...
Information disclosure
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...
Security feature bypass
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...
CVE-2018-1000628
The CVE-2018-1000628 entry concerns Battelle V2I Hub 2.5.1, where a security-restriction bypass is caused by comparing an API key against a user-supplied value via PHP’s $_GET using strcmp. By appending [] to the key parameter in API function URLs, an attacker could bypass checks and execute API ...
CVE-2018-1000626
CVE-2018-1000626 affects Battelle V2I Hub 2.5.1. The vulnerability stems from not changing the default API key, enabling a remote attacker to bypass security restrictions by using any API function with the unchanged key, to gain unauthorized access. Documented across multiple sources (NVD, CNVD/C...
CVE-2018-1000626
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...
CVE-2018-1000628
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...
CVE-2018-1000627
Battelle V2I Hub 2.5.1 exposes an API key due to failure to restrict access to the API key file, enabling remote attackers to obtain the current API key and gain unauthorized access. This information disclosure vulnerability is described across CVE-2018-1000627 sources (NVD/CNVD) with consistent ...
CVE-2018-1000627
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...
Kamerka - Build Interactive Map Of Cameras From Shodan
Build an interactive map of cameras from Shodan. The script creates a map of Shodan cameras based on your address or coordinates. https://medium.com/@wojciech/%EA%93%98amerka-build-interactive-map-of-cameras-from-shodan-a0267849ec0a Requirements Shodan Geopy Foilum Colorama pip install -r...
Exploit for CVE-2013-6026
PoC exploit for CVE-2013-6026, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link. The target product/service is D-Link routers, and the vulnerability class/vector is auth bypass. The probable entry point is the Shodan search engine,...
Nagios XI < 5.5.7 Multiple Vulnerabilities
Nagios XI is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagiosxi"; if description...
Code injection
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...
CVE-2018-15711
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...
CVE-2018-15711
Nagios XI 5.5.6 contains a privilege-escalation flaw in the API key management. A remote, authenticated attacker can reset and regenerate the API key of a higher-privileged user, then use the new key to perform API calls with elevated privileges. This is described consistently across multiple sou...
CVE-2018-15711
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...