EUVD-2018-17155

Malware in sbrugna...

EUVD-2018-17157

Malware in sbrugna...

CVE-2018-5384

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...

CVE-2018-5385

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...

CVE-2018-5386

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak...

CVE-2018-5384

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...

CVE-2018-5385

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...

CVE-2018-5386

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak...

Sql injection

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...

Session fixation

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...

Authentication flaw

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak...

CVE-2018-5386 Some Navarino Infinity functions placed in the URL can bypass any authentication mechanism leading to an information leak

Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak...

CVE-2018-5385

CVE-2018-5385 affects Navarino Infinity web interface (up to version 2.2). The vulnerability arises from accepting the session ID as a GET parameter, enabling session fixation that can bypass two-factor authentication in some installations, with potential phishing implications. The linked sources...

CVE-2018-5384 Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection. If successfully exploited the user can get info from the underlying postgresql database that could lead into to total compromise of the product. The said script is available...

CVE-2018-5385 Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...

Navarino Infinity SQL Injection Vulnerability

Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino Greece. The solution can be used to equip many types of vessels. A SQL injection vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker could exploit the vulnerability to inject SQL...

Navarino Infinity Security Bypass Vulnerability

Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino Greece. The solution can be used to equip many types of vessels. A security vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker could exploit the vulnerability to bypass the...

Navarino Infinity Session Fixation Vulnerability

Navarino Infinity is a maritime bandwidth management and optimization solution from Navarino Greece. The solution can be used to equip many types of vessels. A session fixation vulnerability exists in Navarino Infinity version 2.1.7. A remote attacker can exploit this vulnerability to hijack...

Navarino Infinity web interface is affected by multiple vulnerabilities.

Overview Navarino Infinity web interface up to version 2.2 is affected by multiple vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2018-5384| Navarino Infinity exposes an unauthenticated script that is prone to blind sq...

Navarino Infinity Blind SQL Injection / Session Fixation

There is also a blog post about that on: https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 Vulnerability Security Advisory ======================================================================= title: Multiple vulnerabilities product: All Navarino infinity products...