1895 matches found

CNVD
added 2018/12/29 12:0 a.m., 2 views

Battelle V2I Hub Security Restriction Bypass Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A security restriction bypass vulnerability exists in Battelle V2I H...

CVSS: 9.8, AI score: 7, EPSS: 0.02848
Exploits: 0, References: 1

CNVD
added 2018/12/29 12:0 a.m., 2 views

Battelle V2I Hub Information Disclosure Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. An information disclosure vulnerability exists in Battelle V2I Hub...

CVSS: 9.8, AI score: 6.5, EPSS: 0.02281
Exploits: 0, References: 1

NVD
added 2018/12/28 4:29 p.m., 18 views

CVE-2018-1000627

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02281
Exploits: 0, References: 1

NVD
added 2018/12/28 4:29 p.m., 13 views

CVE-2018-1000626

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...

CVSS: 9.8, AI score: 9.6, EPSS: 0.02848
Exploits: 0, References: 1

OSV
added 2018/12/28 4:29 p.m., 6 views

CVE-2018-1000627

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...

CVSS: 9.8, AI score: 5.8, EPSS: 0.02281
Exploits: 0, References: 1

Prion
added 2018/12/28 4:29 p.m., 16 views

Information disclosure

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...

CVSS: 5, AI score: 9.3, EPSS: 0.02281
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2018/12/28 4:29 p.m., 20 views

Security feature bypass

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...

CVSS: 7.5, AI score: 9.5, EPSS: 0.02848
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/12/28 2:0 p.m., 47 views

CVE-2018-1000628

The CVE-2018-1000628 entry concerns Battelle V2I Hub 2.5.1, where a security-restriction bypass is caused by comparing an API key against a user-supplied value via PHP’s $_GET using strcmp. By appending [] to the key parameter in API function URLs, an attacker could bypass checks and execute API ...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02848
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/12/28 2:0 p.m., 44 views

CVE-2018-1000626

CVE-2018-1000626 affects Battelle V2I Hub 2.5.1. The vulnerability stems from not changing the default API key, enabling a remote attacker to bypass security restrictions by using any API function with the unchanged key, to gain unauthorized access. Documented across multiple sources (NVD, CNVD/C...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02848
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/12/28 2:0 p.m., 21 views

CVE-2018-1000626

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...

AI score: 9.6, EPSS: 0.02848
Exploits: 0, References: 1

Cvelist
added 2018/12/28 2:0 p.m., 20 views

CVE-2018-1000628

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "[]" to the end of "key" in the URL when accessing API functions...

AI score: 9.6, EPSS: 0.02848
Exploits: 0, References: 1

CVE
added 2018/12/28 2:0 p.m., 49 views

CVE-2018-1000627

Battelle V2I Hub 2.5.1 exposes an API key due to failure to restrict access to the API key file, enabling remote attackers to obtain the current API key and gain unauthorized access. This information disclosure vulnerability is described across CVE-2018-1000627 sources (NVD/CNVD) with consistent ...

CVSS: 9.8, AI score: 9.2, EPSS: 0.02281
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/12/28 2:0 p.m., 21 views

CVE-2018-1000627

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...

AI score: 9.4, EPSS: 0.02281
Exploits: 0, References: 1

Kitploit
added 2018/11/29 8:22 p.m., 125 views

Kamerka - Build Interactive Map Of Cameras From Shodan

Build an interactive map of cameras from Shodan. The script creates a map of Shodan cameras based on your address or coordinates. https://medium.com/@wojciech/%EA%93%98amerka-build-interactive-map-of-cameras-from-shodan-a0267849ec0a Requirements: Shodan, Geopy, Folium, Colorama. pip install -r...

AI score: 7.3
Exploits: 0, References: 2

Gitee
added 2018/11/29 5:24 p.m., 7 views

Exploit for CVE-2013-6026

PoC exploit for CVE-2013-6026, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link. The target product/service is D-Link routers, and the vulnerability class/vector is auth bypass. The probable entry point is the Shodan search engine,...

CVSS: 10, AI score: 7, EPSS: 0.0768
Exploits: 4

OpenVAS
added 2018/11/15 12:0 a.m., 97 views

Nagios XI < 5.5.7 Multiple Vulnerabilities

Nagios XI is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagiosxi"; if description...

CVSS: 9.8, AI score: 7.9, EPSS: 0.89362
Exploits: 15, References: 2

Prion
added 2018/11/14 6:29 p.m., 18 views

Code injection

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...

CVSS: 6.5, AI score: 8.4, EPSS: 0.36012
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/11/14 6:29 p.m., 21 views

CVE-2018-15711

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...

CVSS: 8.8, AI score: 8.5, EPSS: 0.36012
Exploits: 1, References: 1

CVE
added 2018/11/14 6:0 p.m., 55 views

CVE-2018-15711

Nagios XI 5.5.6 contains a privilege-escalation flaw in the API key management. A remote, authenticated attacker can reset and regenerate the API key of a higher-privileged user, then use the new key to perform API calls with elevated privileges. This is described consistently across multiple sou...

CVSS: 8.8, AI score: 8.4, EPSS: 0.36012
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/11/14 6:0 p.m., 20 views

CVE-2018-15711

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges...

AI score: 8.9, EPSS: 0.36012
Exploits: 1, References: 1