909 matches found
Auerswald COMpact 8.0B - Multiple Backdoors Vulnerability
Exploit Title: Auerswald COMpact 8.0B - Multiple Backdoors Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to...
Auerswald Compact Series Security Vulnerability
The Auerswald Compact Series is an ICT solution from Auerswald Germany. A security vulnerability exists in the Auerswald Compact Series that could be exploited by an attacker to access a web-based management application for full administrative access to the device...
Auerswald Compact Series Path Traversal Vulnerability
The Auerswald Compact Series is an ICT solution from Auerswald Germany. file system...
Auerswald COMpact 8.0B Backdoors
Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access to the device. Details =======...
Auerswald COMpact 8.0B - Multiple Backdoors
Exploit Title: Auerswald COMpact 8.0B - Multiple Backdoors Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers w...
Auerswald COMpact 8.0B - Arbitrary File Disclosure Vulnerability
Exploit Title: Auerswald COMpact 8.0B - Arbitrary File Disclosure Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Arbitrary File Disclosure RedTeam Pentesting discovered a vulnerability in the web-based management interface of the Auerswald COMpact 5500R PBX which allows users...
CVE-2021-26777
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIRCDCv1.2.17 allows attackers to execute arbitrary code...
Buffer overflow
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIRCDCv1.2.17 allows attackers to execute arbitrary code...
CVE-2021-26777
CVE-2021-26777 concerns a buffer overflow in SetFirewall within index.cgi of Circutor Compact DC-S BASIC smart metering concentrator firmware CIR_CDC_v1.2.17. The flaw stems from improper data boundary handling, enabling an attacker to execute arbitrary code remotely via the device’s network inte...
Design/Logic Flaw
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...
CVE-2021-31883
CVE-2021-31883 affects Siemens APOGEE MBC / TALON products (Nucleus RTOS) including APOGEE MBC (PPC/BACnet), APOGEE MEC, APOGEE PXC Compact/Modular, Desigo PXC variants, and Capital VSTAR with Ethernet options. Root cause: DHCP client processing fails to validate the length of Vendor option(s) in...
CVE-2021-31882
CVE-2021-31882 affects Siemens APOGEE MBC/TALON/Nucleus products (e.g., Capital Embedded AR Classic 431-422 family and AR Classic R20-11, affected “All versions” in some entries). The root cause is that the DHCP client does not validate the length of the Domain Name Server IP option (0x06) when p...
PT-2021-19564 · Unknown · Nucleus Readystart V3 +9
Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 APOGEE MBC PPC BACnet all versions APOGEE MBC PPC P2 Ethernet all versions APOGEE MEC PPC BACnet all versions APOGEE MEC PP...
WordPress Compact WP Audio Player plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress Compact WP Audio Player plugin in versions prior to 1.9.7, which stems from the fact that the web application does not adequatel...
RUSTSEC-2021-0137 sodiumoxide is deprecated
Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat crypto_box, crypto_kx, crypto_secretstream - RustCrypto/xsalsa20poly1305 crypto_secretbox - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...
sodiumoxide is deprecated
Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat crypto_box, crypto_kx, crypto_secretstream - RustCrypto/xsalsa20poly1305 crypto_secretbox - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...
CVE-2021-24735
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...
CVE-2021-24735
The CVE-2021-24735 entry concerns the WordPress plugin Compact WP Audio Player (pre-1.9.7). Connected sources corroborate a CSRF vulnerability caused by missing nonce checks, enabling an attacker with a logged‑in admin session to change the Disable Simultaneous Play setting. Affected version rang...
CVE-2021-24734
The CVE-2021-24734 entry affects the WordPress Compact WP Audio Player plugin (versions prior to 1.9.7). The root cause is insufficient escaping of shortcodes attributes, enabling Stored XSS by users with as low as Contributor. Impact is client-side JavaScript execution in affected pages. Remedia...
CVE-2021-24734 Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...