EUVD-2018-20467
Malware in sbrugna...
EUVD-2018-20463
Malware in sbrugna...
EUVD-2018-20459
Malware in sbrugna...
EUVD-2018-2699
Malware in sbrugna...
EUVD-2022-42518
Malicious code in bioql PyPI...
Top Echelon Software: Clickjacking in main domain https://topechelon.com/
The target website was vulnerable to Clickjacking, a web-based attack that tricked users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...
CVE-2022-3089
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
Design/Logic Flaw
Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...
CVE-2022-3089
The CVE-2022-3089 entry maps to EnOcean/Echelon SmartServer 2.2 with i.LON Vision 2.2, where cleartext credentials are stored in a file. This allows an attacker who retrieves that file to obtain usernames and passwords and potentially take control of the SmartServer’s web UI and FTP server. Publi...
Echelon i.LON SmartServer Trust Management Issue Vulnerability
Echelon i.LON SmartServer is a low-cost, high-performance controller, network manager, router, remote network interface, and web server from Echelon that can be used to connect LONWORKS, Modbus, and M-Bus devices to a corporate network or the Internet. A trust management issue vulnerability exist...
PT-2023-13022 · Echelon · Echelon Smartserver +1
Name of the Vulnerable Software and Affected Versions: Echelon SmartServer version 2.2 with i.LON Vision 2.2 Description: The issue allows an attacker to obtain cleartext usernames and passwords of the SmartServer by accessing a file that stores credentials in cleartext. If the attacker obtains t...
Genesys PureConnect Cross Site Scripting
Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant - name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...
Genesys PureConnect Cross Site Scripting Vulnerability
Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant - name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...
Telegram Abused to Steal Crypto-Wallet Credentials
Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found. Researchers at the SafeGuard Cyber’s Division Seven threat...
Echelon PII Leak and Disclosure Fail
Echelon Fitness is a competitor to companies such as Peloton. You buy the hardware, quickly assemble it, buy a subscription, use a built-in or external smart device and you do your exercise thing! However, their API had significantly worse security flaws than those we found in Peloton...
Top Echelon Software: Public and secret api key leaked in JavaScript source
Summary: While surfing the bb3jobboard.topechelon.com website, I found sensitive data, including an authentication key, written in a publicly accessible JavaScript file. URL Vulnerability https://bb3jobboard.topechelon.com/!/search?page=1 Steps To Reproduce: Open...
billots (=0.1.1), bitdust (=0.0.2) +49 more potentially affected by CVE-2020-10109 via twisted (>=16.0.0 <=19.7.0)
twisted PYPI version =16.0.0, =0.1.0, =18.4.0, =3.1.0, =1.2.0, =0.14.2, =0.0.3, =2019.5.0, =1.0.0, =1.4.3, =0.1.0, =0.3.4, =0.3.6 and more Source cves: CVE-2020-10109 Source advisory: OSV:GHSA-P5XH-VX83-MXCJ...
Top Echelon Software: Disable xmlrpc.php file
Summary: xmlrpc.php can be used for port scanning or brute-force attacks. It is better to hide this file. Steps To Reproduce: 1. Go to https://www.topechelon.com/xmlrpc.php 2. Send a POST request. POST /xmlrpc.php HTTP/1.1 Host: www.topechelon.com User-Agent: Mozilla/5.0 X11; Linux x86_64; rv:60.0...
Top Echelon Software: able to login into login.topechelon.com
The support login for our administrative account was using insecure credentials, allowing access to our administrative account. These credentials are not used, so we chose to deactivate the login to prevent access...
billots (=0.1.1), bitdust (=0.0.2) +43 more potentially affected by CVE-2019-12387 via twisted (>=16.0.0 <=19.2.0)
twisted PYPI version =16.0.0, =0.1.0, =18.4.0, =3.1.0, =0.14.2, =0.0.3, =2019.5.0, =1.0.0, =1.4.3, =0.1.0, =0.3.4, =4.0.0, =4.0.0rc1 and more Source cves: CVE-2019-12387 Source advisory: OSV:GHSA-6CC5-2VG4-CC7M...