Lucene search
K

49 matches found

CNVD
CNVD
added 2019/06/05 12:0 a.m.3 views

ExaGrid appliances path traversal vulnerability

ExaGrid appliances is a disk backup application. A path traversal vulnerability exists in ExaGrid appliances using firmware version 4.8.1.1044.P50. The vulnerability stems from the failure of a networked system or product to properly filter for special elements in a resource or file path. An...

9.8CVSS6.9AI score0.03254EPSS
Exploits1References1
NVD
NVD
added 2019/06/03 7:29 p.m.24 views

CVE-2019-12310

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

9.8CVSS9.5AI score0.03254EPSS
Exploits1References2
OSV
OSV
added 2019/06/03 7:29 p.m.2 views

CVE-2019-12310

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

9.8CVSS7.4AI score0.03254EPSS
Exploits1References2
Prion
Prion
added 2019/06/03 7:29 p.m.17 views

Directory traversal

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

5CVSS9.5AI score0.03254EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/06/03 6:59 p.m.19 views

CVE-2019-12310

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

9.5AI score0.03254EPSS
Exploits1References2
CVE
CVE
added 2019/06/03 6:59 p.m.69 views

CVE-2019-12310

CVE-2019-12310 affects ExaGrid appliances (firmware v4.8.1.1044.P50). The issue is a directory traversal in /monitor/data/Upgrade/ that may let remote attackers view and retrieve verbose run-time information, including Base64-encoded 'support' credentials, enabling administrative access. No expli...

9.8CVSS9.4AI score0.03254EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.6 views

The vulnerability of ExaGrid backup device’s microprogramming software, related to the use of pre-installed credentials, allows a perpetrator to gain access to devices with root privileges.

The vulnerability of ExaGrid backup device software relates to the use of pre-installed credentials. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to the device with root privileges, using the pre-installed password “inflection” for the “root” account...

10CVSS7.8AI score0.72289EPSS
Exploits4References4
Openbugbounty
Openbugbounty
added 2017/09/25 9:33 p.m.6 views

exagrid.com XSS vulnerability

Open Bug Bounty ID: OBB-312079 Description| Value ---|--- Affected Website:| exagrid.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
Prion
Prion
added 2017/04/21 8:59 p.m.15 views

Default credentials

ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...

10CVSS7.6AI score0.72289EPSS
Exploits4References3Affected Software8
OSV
OSV
added 2017/04/21 8:59 p.m.6 views

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

7.5CVSS5.9AI score0.74261EPSS
Exploits4References3
NVD
NVD
added 2017/04/21 8:59 p.m.16 views

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

7.5CVSS7.5AI score0.74261EPSS
Exploits4References3
Prion
Prion
added 2017/04/21 8:59 p.m.14 views

Design/Logic Flaw

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

5CVSS7.2AI score0.74261EPSS
Exploits4References3Affected Software8
OSV
OSV
added 2017/04/21 8:59 p.m.4 views

CVE-2016-1560

ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...

9.8CVSS5.8AI score0.72289EPSS
Exploits4References3
NVD
NVD
added 2017/04/21 8:59 p.m.16 views

CVE-2016-1560

ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...

10CVSS9.6AI score0.72289EPSS
Exploits4References3
Cvelist
Cvelist
added 2017/04/21 8:0 p.m.18 views

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image...

8AI score0.74261EPSS
Exploits4References3
Cvelist
Cvelist
added 2017/04/21 8:0 p.m.24 views

CVE-2016-1560

ExaGrid appliances with firmware before 4.8 P26 have a default password of 1 inflection for the root shell account and 2 support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session...

9.6AI score0.72289EPSS
Exploits4References3
CVE
CVE
added 2017/04/21 8:0 p.m.62 views

CVE-2016-1560

ExaGrid appliances running firmware before 4.8 P26 are affected by CVE-2016-1560 due to default credentials: root shell account password (inflection) and support account access via the web interface. This enables remote attackers to obtain administrative access through SSH or HTTP without exploit...

10CVSS9.4AI score0.72289EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2017/04/21 8:0 p.m.78 views

CVE-2016-1561

CVE-2016-1561 affects ExaGrid appliances running firmware before 4.8 P26, where a root SSH public key is stored in authorized_keys, enabling remote SSH access if the attacker has the corresponding private key from another installation or a firmware image. Multiple sources (NVD entry and mirrored ...

7.5CVSS7.5AI score0.74261EPSS
Exploits4References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/04/21 12:0 a.m.19 views

CVE-2016-1561

ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorizedkeys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image. Recent assessments: h00die at March 24, 202...

7.5CVSS4.4AI score0.74261EPSS
Exploits4References4
0day.today
0day.today
added 2017/03/23 12:0 a.m.158 views

ExaGrid - Known SSH Key and Default Password Exploit

Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class MetasploitModule 'ExaGrid Known SSH Key and Default Password',...

10CVSS7.8AI score0.74261EPSS
Exploits5
Rows per page
Query Builder