49 matches found
ExaGrid appliances path traversal vulnerability
ExaGrid appliances is a disk backup application. A path traversal vulnerability exists in ExaGrid appliances using firmware version 4.8.1.1044.P50. The vulnerability stems from the failure of a networked system or product to properly filter for special elements in a resource or file path. An...
CVE-2019-12310
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...
CVE-2019-12310
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...
Directory traversal
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...
CVE-2019-12310
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...
CVE-2019-12310
CVE-2019-12310 affects ExaGrid appliances (firmware v4.8.1.1044.P50). The issue is a directory traversal in /monitor/data/Upgrade/ that may let remote attackers view and retrieve verbose run-time information, including Base64-encoded 'support' credentials, enabling administrative access. No expli...
The vulnerability of ExaGrid backup device’s microprogramming software, related to the use of pre-installed credentials, allows a perpetrator to gain access to devices with root privileges.
The vulnerability of ExaGrid backup device software relates to the use of pre-installed credentials. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to the device with root privileges, using the pre-installed password “inflection” for the “root” account...
exagrid.com XSS vulnerability
Open Bug Bounty ID: OBB-312079 Description| Value ---|--- Affected Website:| exagrid.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Default credentials
ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...
CVE-2016-1561
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...
CVE-2016-1561
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...
Design/Logic Flaw
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...
CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...
CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...
CVE-2016-1561
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...
CVE-2016-1560
ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...
CVE-2016-1560
ExaGrid appliances running firmware before 4.8 P26 are affected by CVE-2016-1560 due to default credentials: root shell account password (inflection) and support account access via the web interface. This enables remote attackers to obtain administrative access through SSH or HTTP without exploit...
CVE-2016-1561
CVE-2016-1561 affects ExaGrid appliances running firmware before 4.8 P26, where a root SSH public key is stored in authorized_keys, enabling remote SSH access if the attacker has the corresponding private key from another installation or a firmware image. Multiple sources (NVD entry and mirrored ...
CVE-2016-1561
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. Recent assessments: h00die at March 24, 202...
ExaGrid - Known SSH Key and Default Password Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'ExaGrid Known SSH Key and Default Password',...