58 matches found
MiracleLinux 3 : wireshark-1.0.15-1.3.0.1.AXS3 (AXSA:2011-03:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-03:01 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains...
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12775
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...
CVE-2019-12777
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...
EUVD-2019-4361
Malware in sbrugna...
EUVD-2019-4359
Malware in sbrugna...
EUVD-2019-4360
Malware in sbrugna...
EUVD-2019-16101
Malware in sbrugna...
EUVD-2019-4358
Malware in sbrugna...
SUSE CVE-2010-4538
Buffer overflow in the sectenttecdmxda function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding RLE compression...
ENTTEC Lighting Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control...
Arbitrary Code Execution
wireshark is vulnerable to arbitrary code execution. An array index error, leading to a stack-based buffer overflow, was found in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code...
ENTTEC Datagate Mk2 Cross-Site Scripting Vulnerability
The ENTTEC Datagate MK2 is a lighting controller from ENTTEC Australia. A cross-site scripting vulnerability exists in the Web Configuration feature in the ENTTEC Datagate Mk2 70044update05032019-482 release. The vulnerability stems from the WEB application lacking proper validation of client dat...
CVE-2019-12777
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...
CVE-2019-12775
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
Cross site scripting
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
Design/Logic Flaw
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...