EUVD-2018-1964

Malware in sbrugna...

EUVD-2018-1962

Malware in sbrugna...

EUVD-2018-1965

Malware in sbrugna...

EUVD-2018-1966

Malware in sbrugna...

EUVD-2018-1961

Malware in sbrugna...

EUVD-2018-1959

Malware in sbrugna...

Chicago students lose data to ransomware attackers

Chicago Public Schools CPS disclosed on Friday that students may have had their data taken in a ransomware incident involving one of its vendors. The ransomware attack happened last December at Battelle for Kids BfK, based in Columbus Ohio, which develops services to provide innovation in schools...

link.battelle.org Open Redirect vulnerability

Open Bug Bounty ID: OBB-1174907 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

link.battelle.org Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145969 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting link.battelle.org website and its users. Following...

Battelle V2I Hub Security Restriction Bypass Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A security restriction bypass vulnerability exists in Battelle V2I H...

Battelle V2I Hub Denial of Service Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A denial-of-service vulnerability exists in Battelle V2I Hub version...

Battelle V2I Hub Security Restriction Bypass Vulnerability (CNVD-2019-03264)

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A security restriction bypass vulnerability exists in Battelle V2I H...

Battelle V2I Hub Hardcoded Credentials Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A hard-coded credentials vulnerability exists in Battelle V2I Hub...

Battelle V2I Hub SQL Injection Vulnerability (CNVD-2019-03267)

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A SQL injection vulnerability exists in Battelle V2I Hub version 3.0...

Battelle V2I Hub Cross-Site Scripting Vulnerability

The Battelle V2I Hub is a connected vehicle and roadway information management system from Battelle Memorial Institute, Inc. The system supports effective communication between infrastructure information and vehicle information. A cross-site scripting vulnerability exists in Battelle V2I Hub...

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

CVE-2018-1000628

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...

CVE-2018-1000631

Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::userinfo function, which could allow the attacker to view, add, modify or delete information in the back-end database...

CVE-2018-1000627

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...