68 matches found
EUVD-2018-20467
Malware in sbrugna...
EUVD-2018-20459
Malware in sbrugna...
EUVD-2018-20463
Malware in sbrugna...
EUVD-2018-2699
Malware in sbrugna...
EUVD-2022-42518
Malicious code in bioql PyPI...
Top Echelon Software: Clickjacking in main domain https://topechelon.com/
The target website was vulnerable to Clickjacking, a web-based attack that tricked users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...
CVE-2022-3089
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
Design/Logic Flaw
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
CVE-2022-3089
The CVE-2022-3089 entry maps to EnOcean/Echelon SmartServer 2.2 with i.LON Vision 2.2, where cleartext credentials are stored in a file. This allows an attacker who retrieves that file to obtain usernames and passwords and potentially take control of the SmartServer’s web UI and FTP server. Publi...
Echelon i.LON SmartServer Trust Management Issue Vulnerability
Echelon i.LON SmartServer is a low-cost, high-performance controller, network manager, router, remote network interface, and web server from Echelon that can be used to connect LONWORKS, Modbus, and M-Bus devices to a corporate network or the Internet. A trust management issue vulnerability exist...
PT-2023-13022 · Echelon · Echelon Smartserver +1
Name of the Vulnerable Software and Affected Versions: Echelon SmartServer version 2.2 with i.LON Vision 2.2 Description: The issue allows an attacker to obtain cleartext usernames and passwords of the SmartServer by accessing a file that stores credentials in cleartext. If the attacker obtains t...
Genesys PureConnect Cross Site Scripting
Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...
Genesys PureConnect Cross Site Scripting Vulnerability
Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...
Telegram Abused to Steal Crypto-Wallet Credentials
Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found. Researchers at the SafeGuard Cyber’s Division Seven threat...
Echelon PII Leak and Disclosure Fail
Echelon Fitness is a competitor to companies such as Peloton. You buy the hardware, quickly assemble it, buy a subscription, use a built-in or external smart device and you do your exercise thing! However, their API had significantly worse security flaws than those we found in Peloton...
Top Echelon Software: Public and secret api key leaked in JavaScript source
Summary of the vulnerabilities: I am surfing on the bb3jobboard.topechelon.com website. I found sensitive data, including an authentication key, written in a publicly accessible JavaScript file. Vulnerability URL: https://bb3jobboard.topechelon.com/!/search?page=1 Steps To Reproduce: Open...
Top Echelon Software: Disable xmlrpc.php file
Summary: xmlrpc.php can be used for port scanning or brute-force attacks. It is better to hide this file. Steps To Reproduce: 1. Go to https://www.topechelon.com/xmlrpc.php 2. Send a POST request. POST /xmlrpc.php HTTP/1.1 Host: www.topechelon.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0...
Top Echelon Software: able to login into login.topechelon.com
The support login for our administrative account was using insecure credentials, allowing access to our administrative account. These credentials are not used, so we chose to deactivate the login to prevent access...
Echelon SmartServer Detection
Detection of Echelon SmartServer devices. The script sends a connection request to the server and attempts to detect Echelon SmartServer devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
Echelon i.LON Detection
Detection of Echelon i.LON devices. The script sends a connection request to the server and attempts to detect Echelon i.LON devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...