27 matches found
CVE-2025-34156
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
EUVD-2025-35704
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
EUVD-2025-35703
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34155
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
CVE-2025-34156
CVE-2025-34156 concerns Tibbo AggreGate Network Manager versions before 6.40.05, where an unauthenticated endpoint at /cwmp/happyaxis.jsp exposes sensitive system information. The page discloses Java system properties, server path details, and version information to unauthorized users, creating i...
CVE-2025-34155 Tibbo AggreGate Network Manager < 6.40.05 Login Functionality User Enumeration
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34155
CVE-2025-34155 affects Tibbo AggreGate Network Manager versions prior to 6.40.05. The issue is an observable discrepancy in login failure messages that reveals whether a provided username exists, enabling unauthenticated remote user enumeration and potentially aiding targeted brute-force/credenti...
Tibbo AggreGate Network Manager 安全漏洞
Tibbo AggreGate Network Manager is a network monitoring and IT management platform from Tibbo. A security vulnerability exists in Tibbo AggreGate Network Manager versions prior to 6.40.05, which originates from an unauthenticated endpoint /cwmp/happyaxis.jsp that exposes sensitive system...
Tibbo AggreGate Network Manager 安全漏洞
Tibbo AggreGate Network Manager is a network monitoring and IT management platform from Tibbo. A security vulnerability exists in Tibbo AggreGate Network Manager versions prior to 6.40.05, which stems from an observable response discrepancy in the login function that could lead to user enumeratio...
EUVD-2015-7811
Malware in sbrugna...
CVE-2024-12700 Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
There is an unrestricted file upload vulnerability where it is possible for an authenticated user low privileged to upload an jsp shell and execute code with the privileges of user running the web server...
CVE-2024-12700
CVE-2024-12700 relates to Tibbo AggreGate Network Manager. The provided documents identify an unrestricted file upload vulnerability in the UploaderTempFileController (Tibbo Aggregate Network Manager) that allows an authenticated, low-privileged user to upload a JSP shell and execute arbitrary co...
CVE-2024-12700 Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
There is an unrestricted file upload vulnerability where it is possible for an authenticated user low privileged to upload an jsp shell and execute code with the privileges of user running the web server...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600...
Tibbo Aggregate Network Manager UploaderTempFileController Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class. The issue results from the lack of...
PT-2024-17717 · Tibbo · Tibbo Aggregate Network Manager
Name of the Vulnerable Software and Affected Versions: Tibbo AggreGate Network Manager affected versions not specified Description: The issue is related to an unrestricted file upload vulnerability. This allows an authenticated user with low privileges to upload a jsp shell, which can then execut...
The vulnerability of the integration platform Tibbo AggreGate, which allows a hacker to load and execute arbitrary Java code.
The vulnerability of the agserverservice.exe module in the Tibbo AggreGate integration platform is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary Java code using a specially crafted XML document...
CVE-2015-7913
agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class...
CVE-2015-7912
The Ice Faces servlet in agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document...