Sint Wind PI v01.26.19 Authentication Bypass

Summary A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind condition and other meteo data telephone answering machine. This implementation uses a Raspberry PI with an Huawei 3G dongle. The Sint Wind is compatible...

Phoenix Contact managed FL SWITCH Command Injection Vulnerability

Phoenix Contact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications in industries such as communications, critical manufacturing and information technology. A command injection vulnerability exists in the Phoenix Contact...

Authorization

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user...

CVE-2018-10729

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user...

CVE-2018-10729

Phoenix Contact FL SWITCH series (3xxx/4xxx/48xx) running firmware 1.0–1.33 are affected by an information-disclosure vulnerability that allows an unauthenticated attacker to read the device configuration file. The issue is cataloged as CVE-2018-10729; the related ICS/CERT advisory notes informat...

CVE-2018-10729

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user...

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : PHOENIX CONTACT Equipment : FL SWITCH 3xxx/4xxx/48xx Series Vulnerabilities : Command Injection, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of...

Moxa EDR-810 Denial of Service Vulnerability (CNVD-2018-11731)

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A denial of service vulnerability exists in the web server functionality of the Moxa EDR-810 V4.1 build 17030317. The vulnerability can be exploited to cau...

Sandmap - A Tool Supporting Network And System Reconnaissance Using The Massive Nmap Engine

Sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques. Key Features simple CLI with the ability to run pure Nmap engine...

OMRON CX-One CX-FLnet Version and Node Name Heap-based Buffer Overflow (CVE-2018-8834)

A heap-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing Version and Node Name parameter of the FLN configuration file. A remote attacker could exploit these vulnerabilities by enticing a target user into opening a maliciousl...

SaferVPN for Windows Privileged Access Vulnerability

SaferVPN for Windows is a Windows-based VPN software. A power lifting vulnerability exists in the SaferVPN.Service service in SaferVPN version 4.2.5 for Windows-based platforms. An attacker can exploit this vulnerability to execute code as the SYSTEM user by modifying a configuration file to...

Combodo iTop Command Injection Vulnerability

Combodo iTop also known as IT Operations Portal, IT Operations Portal is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The tool provides incident management, configuration management and problem management and...

openSUSE: Security Advisory for corosync (openSUSE-SU-2018:1136-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for corosync (important)

This update for corosync fixes the following issues: - CVE-2018-1084: Integer overflow in totemcrypto:authenticatenss23 could lead to command execution bsc1089346 - Providing an empty uid or gid results in coroparse adding uid 0. bsc1066585 - Fix a problem with configuration file incompatibilitie...

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender Unauthorized Remote Reboot

Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category: dos 1. www.shodan.io with title...

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link:...

TP-Link TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot Vulnerability

Exploit for hardware platform in category web applications Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category:...

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot

Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category: dos 1. www.shodan.io with title...

UBUNTU-CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...

CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...