41 matches found
CVE-2015-7286
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic...
CVE-2015-7285
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center ARC servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response...
Command injection
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
Authentication flaw
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center ARC servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response...
Design/Logic Flaw
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...
Hardcoded credentials
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic...
CVE-2015-7288
The CVE-2015-7288 entry affects CSL DualCom GPRS CS2300-R alarm signaling boards with firmware 1.25–3.53. A remote, unauthenticated attacker could modify device configuration via an SMS command (e.g., “4 2”). The CERT/CC entry expands on multiple issues in these devices (improper authentication, ...
CVE-2015-7286
CVE-2015-7286 affects CSL DualCom GPRS CS2300-R alarm signalling boards (firmware 1.25–3.53). The root cause is a proprietary, polyalphabetic substitution cipher with hardcoded keys, enabling a remote attacker to decrypt or manipulate communications between SPTs and ARC servers. The vulnerability...
CVE-2015-7287
The CVE-2015-7287 issue affects CSL DualCom GPRS CS2300-R alarm signaling boards (firmware 1.25–3.53). A non-unique, default PIN (001984) is used across installations, enabling remote command execution via SMS when knowledge of the PIN is included in a message. Impacted devices could be controlle...
CVE-2015-7285
The CVE-2015-7285 entry concerns CSL DualCom GPRS CS2300-R alarm signalling boards (firmware 1.25–3.53). The vulnerability is a lack of mutual authentication between CS2300-R SPTs and ARC polling servers, enabling MITM attackers to spoof HSxx responses and bypass access controls. Connected source...
CVE-2015-7285
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center ARC servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response...
CVE-2015-7286
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic...
CVE-2015-7287
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...
CVE-2015-7288
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
CSL DualCom GPRS CS2300-R SPT is vulnerable (CNVD-2015-07790)
The CSL DualCom GPRS CS2300-R SPT is an alarm signaling board from CSL DualCom, UK, which provides a communication link between the burglar alarm and the monitoring center, allowing signals to be sent to the monitoring center when the alarm goes off, via the mobile network, ordinary phone lines o...
CorelDRAW X3 13.0.0.576 - DLL Hijacking Exploit (crlrib.dll)
No description provided by source. / CorelDRAW X3 v13.0.0.576 crlrib.dll DLL Hijacking Exploit Vendor: Corel Corporation Product Web Page: http://www.corel.com Affected Version: X3 v13.0.0.576 Summary: Graphic design software for striking visual communication. Desc: CorelDRAW X3 suffers from a dl...
Code Snippets 0.9 Insecure Session
--------------------------------------- Author : L3b-r1'z Title : Code Snippets Version 0,9 insecure session Date : 6/30/2012 Email : [email protected] Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintext: "Powered by: PHP-CSL V0.9" Version : 1.1.0 6/30/2012 - Vulnerability discovered...
CSLSecurity Hacked by TeaMp0isoN
CSLSecurity Hacked by TeaMp0isoN CSL Security hacked by TeaMp0isoN. CSL Security claim to be "New LulzSec " type hacking Group. Their goal is to show that most of the important websites are vulnerable,They claim to show that any system can be compromised, nothing is secure. They Hit Sites,...
Metropolitan UK Police hacked for #Antisec by CSL Security using SQL injection Vulnerability
Metropolitan UK Police hacked for Antisec by CSL Security using SQL injection Vulnerability One of the Anonymous Hacker "CSL Security" expose SQL Injection Vulnerability in Metropolitan UK Police website via Twitter. He posted the stuff on Pastebin. Vulnerable link is also posted by hacker. Where...
Metropolitan UK Police hacked for #Antisec by CSL Security using SQL injection Vulnerability
Metropolitan UK Police hacked for Antisec by CSL Security using SQL injection Vulnerability One of the Anonymous Hacker "CSL Security " expose SQL Injection Vulnerability in Metropolitan UK Police website via Twitter. He posted the stuff on Pastebin. Vulnerable link is also posted by hacker. Wher...