33 matches found
EUVD-2017-14276
Malware in sbrugna...
EUVD-2017-14275
Malware in sbrugna...
EUVD-2017-14274
Malware in sbrugna...
EUVD-2017-14273
Malware in sbrugna...
Binom3 Web Management Login Scanner, Config And Password File Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Binom3 Web Management Login Scanner, Config and Password File Dump', 'Description' = % This module scans for Binom3 Multifunctional Revenue Energ...
CVE-2017-5167
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords...
CVE-2017-5165
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
CVE-2017-5166
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device...
CVE-2017-5162
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration...
Authentication flaw
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration...
Design/Logic Flaw
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device...
Cross site request forgery (csrf)
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
Cross site scripting
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session CROSS-SITE SCRIPTING...
CVE-2017-5164
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session CROSS-SITE SCRIPTING...
CVE-2017-5162
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration...
CVE-2017-5165
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
CVE-2017-5167
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords...
CVE-2017-5166
CVE-2017-5166 affects the BINOM3 Universal multifunctional Electric Power Quality Meter. The vulnerability is an information exposure (CWE-200) flaw that can be used to gain privileged access to the device. From the connected records, the issue is described with high impact: confidential, integri...
CVE-2017-5167
The CVE-2017-5167 issue affects BINOM3 Universal Multifunctional Electric Power Quality Meter due to a hard-coded password/Vulnerability: Users cannot change their passwords. Public advisories (ICS-CERT update and CVE entries) describe the impact as unauthorized access to the device, potential se...
CVE-2017-5164
CVE-2017-5164 affects BINOM3 Electric Power Quality Meter (Universal multifunctional model). The vulnerability is Cross-Site Scripting caused by input from a malicious client not being properly verified by the server, allowing script execution in another user’s browser session. The CVE is describ...