32 matches found
Powertek Firmware <3.30.30 - Authorization Bypass
Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...
CVE-2021-22810
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
EUVD-2022-36219
Malicious code in bioql PyPI...
EUVD-2021-9949
Malicious code in bioql PyPI...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
Cyber Power Systems PowerPanel Business Edition 安全漏洞
Cyber Power Systems PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures, and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distribution Units. ...
Data Center Vulnerabilities a Ticking Time Bomb for Cloud Services
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several flaws in critical data center infrastructure management systems and power distribution units pose a significant risk to cloud-based services. CyberPowers PowerPanel Enterprise has four...
CyberPower PowerPanel Business Edition 安全漏洞
Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
Authorization
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33174
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
CVE-2022-33174
Summary: CVE-2022-33174 affects Powertek firmware-based Power Distribution Units prior to 3.30.30. An attacker can bypass active session authorization by sending an HTTP request to /cgi/get_param.cgi with the tmpToken cookie set to an empty string followed by a semicolon, enabling access to prote...
CVE-2022-33175
Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...
CVE-2022-33175
Power Distribution Units (Powertek firmware) prior to 3.30.30 are affected. The vulnerability arises from an insecure permissions setting on the user.token field, exposed via the /cgi/get_param.cgi HTTP API, allowing disclosure of active administrator session IDs. This can enable session hijackin...
Powertek PDU Certification Bypass Vulnerability
Powertek, a company that manufactures data center-grade intelligent PDUs power distribution units, or heavy-duty power cords for server racks, has an authentication bypass vulnerability that can be exploited by an attacker to bypass active session authorization checks. It can then be used to gain...