17 matches found
EUVD-2021-28014
Malicious code in bioql PyPI...
EUVD-2021-28013
Malicious code in bioql PyPI...
CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...
CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...
CVE-2021-40857
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring...
CVE-2021-40857
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring...
Arbitrary file deletion
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...
Privilege escalation
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring...
CVE-2021-40858
Auerswald COMpact 5500R and related models are affected by CVE-2021-40858 via an Arbitrary File Disclosure in the web-based management interface. The root cause is a path traversal issue that lets users with sub-admin privileges read files on the device, exposing cleartext admin passwords through...
CVE-2021-40858
Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring...
CVE-2021-40857
CVE-2021-40857 affects the Auerswald COMpact line (notably the 5500R) and related models. The vulnerability is a Privilege Escalation in the web-based management interface, exploitable via the passwd=1 substring, allowing low-privileged users to obtain administrator passwords. Affected versions are ≤ 8.0...
CVE-2021-40857
Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring...
CVE-2021-40859
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web-based management application full administrative access to the device...
Design/Logic Flaw
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web-based management application full administrative access to the device...
CVE-2021-40859
Auerswald COMpact 5500R 7.8A and 8.0B devices expose an unauthenticated endpoint at https://192.168.1.2/about_state that enables backdoor access to the web interface and can reset the administrator password. This yields full administrative access and credentials disclosure risk via unauthenticate...
CVE-2021-40859
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices that allow attackers with access to the web-based management application full administrative access to the device...
Auerswald COMpact 8.0B Arbitrary File Disclosure
Advisory: Auerswald COMpact Arbitrary File Disclosure RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users with the "sub-admin" privilege to access any files on the PBX's file system. Details ======= Product:...