
782 matches found

Talos
added 2017/04/10 12:0 a.m., 38 views

Moxa AWK-3131A Web Application Nonce Reuse Vulnerability

Summary: An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...

8.1 CVSS, 7.1 AI score, 0.0038 EPSS
Exploits 2

Exploit DB
added 2017/04/03 12:0 a.m., 35 views

Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection

!/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ', content: if ' ' in s: s = '\x20' if '\n' in s: s = '\n' else:...

7.4 AI score
Exploits 0

Prion
added 2017/02/13 9:59 p.m., 11 views

Design/Logic Flaw

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series...

7.5 CVSS, 7.9 AI score, 0.00285 EPSS
Exploits 0, References 2, Affected Software 14

CVE
added 2017/02/13 9:0 p.m., 56 views

CVE-2016-8362

CVE-2016-8362 affects Moxa OnCell OnCellG3470A-LTE and a wide range of AWK/WAC/TAP models. The issue is described as Improper Authentication that allows any user to download log files by accessing a specific URL, with an attack scenario that does not require authentication. Impact in the public a...

6.5 CVSS, 6.3 AI score, 0.00161 EPSS
Exploits 0, References 2, Affected Software 1

Tenable Nessus
added 2016/08/12 12:0 a.m., 49 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)

A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. [CVE-2012-1571] A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. [CVE-2013-7345] A malicious input file could...

6.5 CVSS, 7.2 AI score, 0.30772 EPSS
Exploits 3, References 5

seebug.org
added 2016/01/11 12:0 a.m., 20 views

Moxa AWK-5232-RCC Series weak password

No description provided by source...

7.1 AI score
Exploits 0

OpenVAS
added 2015/09/29 12:0 a.m., 41 views

Gentoo Security Advisory GLSA 201408-08

Gentoo Linux Local Security Checks GLSA 201408-08 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...

5 CVSS, 8.1 AI score, 0.01128 EPSS
Exploits 1, References 1

Tenable Nessus
added 2015/03/26 12:0 a.m., 245 views

Debian DLA-67-1 : php5 security update

CVE-2014-3538: It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker could still cause a denial of service (CPU consumption) via a specially crafted input file that triggers backtracking during processing of an awk regular expression...

6.8 CVSS, 7.3 AI score, 0.33041 EPSS
Exploits 3, References 5

RedHat Linux
added 2014/10/30 7:45 p.m., 0 views

file: extensive backtracking in awk rule regular expression

A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU...

5 CVSS, 7.2 AI score, 0.01128 EPSS
Exploits 1, References 4

Tenable Nessus
added 2014/10/12 12:0 a.m., 22 views

Amazon Linux AMI : php54 (ALAS-2014-343)

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...

5 CVSS, 8 AI score, 0.01128 EPSS
Exploits 1, References 2

OSV
added 2014/09/29 12:0 a.m., 47 views

DLA-67-1 php5 - security update

Bulletin has no description...

6.8 CVSS, 7.6 AI score, 0.33041 EPSS
Exploits 2

OpenVAS
added 2014/08/21 12:0 a.m., 49 views

Debian Security Advisory DSA 3008-1 (php5 - security update)

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3538: It was discovered that the original fix for CVE-2013-7345 did not...

6.8 CVSS, 1 AI score, 0.33041 EPSS
Exploits 3, References 1

RedHat Linux
added 2014/08/06 6:5 a.m., 1 views

file: extensive backtracking in awk rule regular expression

A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU...

5 CVSS, 7.2 AI score, 0.01128 EPSS
Exploits 1, References 4

Mageia
added 2014/08/05 8:8 p.m., 51 views

Updated file packages fix security vulnerability

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345...

5 CVSS, 7.4 AI score, 0.33041 EPSS
Exploits 1, References 3

NVD
added 2014/07/03 2:55 p.m., 29 views

CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...

5 CVSS, 7.1 AI score, 0.33041 EPSS
Exploits 1, References 22

OSV
added 2014/07/03 2:55 p.m., 2 views

DEBIAN-CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...

5 CVSS, 6.8 AI score, 0.33041 EPSS
Exploits 1, References 1

CVE
added 2014/07/03 2:0 p.m., 256 views

CVE-2014-3538

CVE-2014-3538 affects the file utility: multiple flaws found in the file regular expression rules used to detect file types can cause denial of service via CPU exhaustion when processing crafted inputs; this issue is tied to an incomplete previous fix (CVE-2013-7345). Affected data shows updated ...

5 CVSS, 9.1 AI score, 0.33041 EPSS
Exploits 1, References 22, Affected Software 1

OSV
added 2014/07/03 12:0 a.m., 2 views

UBUNTU-CVE-2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an...

5 CVSS, 7.2 AI score, 0.33041 EPSS
Exploits 1, References 6

Tenable Nessus
added 2014/06/13 12:0 a.m., 30 views

openSUSE Security Update : file (openSUSE-SU-2014:0481-1)

file was updated to fix extensive backtracking in awk rule regular expression which could lead to a CPU consumption denial of service. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

5 CVSS, 8 AI score, 0.01128 EPSS
Exploits 1, References 3

Amazon
added 2014/05/21 12:0 a.m., 66 views

Medium: php54

Issue Overview: The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a...

5 CVSS, 8.5 AI score, 0.01128 EPSS
Exploits 1