10 matches found
CVE-2020-29552
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...
CVE-2020-29551
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
Design/Logic Flaw
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
Command injection
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...
Design/Logic Flaw
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
CVE-2020-29551
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
CVE-2020-29552
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
Urve Operating System Command Injection Vulnerability
Urve is a device for booking meeting rooms/rooms from Urve UK. The appliance supports integration with MS Exchange, Lotus, Office 365, Google Calendar and other systems to support meeting room and guest room reservations. Urve Build 24.03.2020 suffers from an operating system command injection...
Urve Access Control Error Vulnerability
Urve is a device for booking meeting rooms/rooms from Urve UK. The device supports integration with MS Exchange, Lotus, Office 365, Google Calendar and other systems to support meeting room and guest room reservations. An Access Control Error vulnerability exists in URVE Build 24.03.2020, which...