782 matches found
CVE-2018-10695
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...
CVE-2018-10694
The CVE-2018-10694 issue affects Moxa AWK-3121 (version 1.14). The root cause is an open, unencrypted Wi‑Fi setup by default, enabling an attacker on the same network to sniff traffic between a user’s computer and the device, potentially stealing credentials over HTTP and TELNET, and performing M...
CVE-2018-10694
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...
CVE-2018-10693
CVE-2018-10693 affects Moxa AWK-3121 (version 1.14). The vulnerability is a buffer overflow in the srvName POST parameter within the device’s ping/diagnostic capability, where crafting a string of 516 characters can allow an attacker to execute arbitrary commands on the device. Multiple connecte...
CVE-2018-10693
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is...
CVE-2018-10692
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily...
CVE-2018-10692
The CVE-2018-10692 issue affects Moxa AWK-3121 devices (version 1.14) where the session cookie Password508 is not HttpOnly, enabling a cross-site scripting attacker to steal the cookie. Connected sources (NVD, CISA/ICS advisory, and Nessus plugin) confirm this vulnerability is tied to the HTTP co...
CVE-2018-10691
The CVE-2018-10691 issue affects Moxa AWK-3121 devices (version 1.14) and is caused by Improper Access Control, allowing an unauthenticated user to download /systemlog.log (system log) via the device web interface. Public sources (NVD, CISA/ICS advisory, CNVD) confirm the vulnerability and its im...
CVE-2018-10691
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log the system log. However, the same functionality allows an attacker to download the file without any authentication or authorization...
CVE-2018-10690
The CVE-2018-10690 entry concerns Moxa AWK-3121 (version 1.14) where the device defaults to HTTP, enabling cleartext transmission of sensitive information. Multiple connected sources confirm the vulnerability is due to insecure web traffic allowing an attacker to sniff credentials and other data....
CVE-2018-10690
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...
PT-2019-8761 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered where the device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. This allows an attacker to sniff the traffic passing between the...
PT-2019-8764 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered in the Moxa AWK-3121 device, where the ping functionality, intended for administrators to check network connectivity via ICMP calls, can be exploited by an attacker to execute...
PT-2019-8757 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered where the device allows HTTP traffic by default, providing an insecure communication mechanism for users connecting to the web server. This allows an attacker to easily sniff the...
PT-2019-8765 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered where the device enables an unencrypted TELNET service by default. This allows an attacker who has gained a Man-In-The-Middle MITM position to easily sniff the traffic between th...
Denial Of Service (DoS)
file is vulnerable to denial of service DoS attacks. The vulnerability exists as file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service CPU consumption via a crafted file that triggers backtracking duri...
Awk to Perl 1.007-5 - Buffer Overflow (PoC)
Exploit Title: Awk to Perl 1.007-5 - Buffer Overflow PoC Author: Todor Donev Date: 2018-07-11 Software: Linux Awk to Perl Translator '/usr/bin/a2p' Version: 1.007-5 CVE: N/A Tested on: CentOS 6.9, Ubuntu 10 todor@adamantium $ python -c "print 'A' 2070" | a2p /dev/null Segmentation fault...
Awk to Perl 1.007-5 - Buffer Overflow (PoC)
Awk to Perl 1.007-5 - Buffer Overflow PoC Exploit Title: Awk to Perl 1.007-5 - Buffer Overflow PoC Author: Todor Donev Date: 2018-07-11 Software: Linux Awk to Perl Translator '/usr/bin/a2p' Version: 1.007-5 CVE: N/A Tested on: CentOS 6.9, Ubuntu 10 todor@adamantium $ python -c "print 'A' 2070" |...
Linux Awk To Perl Translator Buffer Overflow
Linux Awk to Perl translator /usr/bin/a2p Buffer Overflow PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies,...
Moxa AWK-3131A Operating System Command Injection Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the Telnet, SSH, and console login functions of the Moxa AWK-3131A using firmware versions 1.4 through 1.7. A remote attacker can exploit this vulnerability to execute root OS...