24 matches found
EUVD-2017-11413
Malware in sbrugna...
douro.hotelporto.net Cross Site Scripting vulnerability OBB-4040469
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-0674
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process...
CVE-2024-0676
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...
CVE-2024-0674
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process...
Design/Logic Flaw
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...
Privilege escalation
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process...
CVE-2024-0676 Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...
CVE-2024-0676
Lamassu Bitcoin ATM Douro 7.1 is affected by a weak password requirement vulnerability. A local attacker can interact with the machine hosting the application, access stored hashes and perform a dictionary attack to crack short passwords (up to 4 characters). Affected component: the ATM software ...
CVE-2024-0676 Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines
Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack...
CVE-2024-0675
Lamassu Bitcoin ATM Douro, version 7.1, is affected by a vulnerability described as improper checking for unusual or exceptional conditions. The issue could allow a physical attacker to exit kiosk mode, access the underlying Xwindow interface, and execute arbitrary commands as an unprivileged use...
CVE-2024-0675 Improper checking for unusual or exceptional conditions vulnerability in Lamassu Bitcoin ATM Douro machines
Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary...
CVE-2024-0674
CVE-2024-0674 describes a privilege-escalation in Lamassu Bitcoin ATM Douro machines (version 7.1). A local user can modify updatescript.js and create done.txt, causing the watchdog to run as root and execute the payload in updatescript.js. Connected sources corroborate this root-level impact and...
CVE-2024-0674 Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process...
Lamassu Bitcoin ATM Douro Security Breach
Lamassu Bitcoin ATM Douro is a bitcoin ATM from Lamassu. A security vulnerability exists in the Lamassu Bitcoin ATM Douro version 7.1. An attacker can exploit this vulnerability to gain root privileges and execute the payload stored in updatescript.js...
PT-2024-15740 · Lamassu · Lamassu Bitcoin Atm Douro
Name of the Vulnerable Software and Affected Versions: Lamassu Bitcoin ATM Douro version 7.1 Description: The issue allows a local user to interact with the machine, retrieve stored hashes, and crack long 4-character passwords using a dictionary attack. This is due to a weak password requirement...
PT-2024-15739 · Lamassu · Lamassu Bitcoin Atm Douro
Name of the Vulnerable Software and Affected Versions: Lamassu Bitcoin ATM Douro version 7.1 Description: The issue is related to improper checking for unusual or exceptional conditions in the Lamassu Bitcoin ATM Douro machines. This could allow an attacker with physical access to the ATM to esca...
Lamassu Bitcoin ATM Douro Security Breach
Lamassu Bitcoin ATM Douro is a Bitcoin ATM from Lamassu. A security vulnerability exists in the Lamassu Bitcoin ATM Douro version 7.1 that stems from allowing the use of weak passwords. An attacker could exploit the vulnerability to retrieve stored hashes from the machine and crack passwords up t...
Lamassu Bitcoin ATM Douro Code Issue Vulnerability
Lamassu Bitcoin ATM Douro is a Bitcoin ATM from Lamassu. A code issue vulnerability exists in Lamassu Bitcoin ATM Douro version 7.1, which stems from improper checking of exceptions or special cases. An attacker could use this vulnerability to escape kiosk mode, access the underlying Xwindow...
Douro Kouji Kanseizutou Check Program Untrusted Search Path Vulnerability
Douro Kouji Kanseizutou Check Program is a program for checking as-built drawings for road construction issued by the National Institute for Land and Infrastructure Management NILIM in Japan. An untrustworthy search path vulnerability exists in Douro Kouji Kanseizutou Check Program 3.1 and earlie...