67 matches found
CVE-2019-13402
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset...
CVE-2019-13402
CVE-2019-13402 affects Dynacolor FCM-MB40 devices (v1.2.0.0). The issue stems from an incomplete factory-reset process implemented by /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi, which fails to reset system accounts and the full set of services. This can allow...
CVE-2019-13401
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...
CVE-2019-13401
Dynacolor FCM-MB40 devices (v1.2.0.0) are affected by a CSRF vulnerability in all scripts under cgi-bin/. The CNVD entry describes the issue as a cross-site request forgery vulnerability that arises because the product does not adequately verify the origin or authenticity of data, enabling an att...
CVE-2019-13400
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info...
CVE-2019-13400
CVE-2019-13400 affects Dynacolor FCM-MB40 v1.2.0.0. The issue arises from storing administrative web-interface credentials in cleartext at /etc/appWeb/appweb.pass, which can be retrieved by accessing cgi-bin/getuserinfo.cgi?mode=info. The vulnerability is evidenced in multiple sources (NVD entry ...
CVE-2019-13399
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...
CVE-2019-13399
CVE-2019-13399 affects Dynacolor FCM-MB40 v1.2.0.0, which uses a hard-coded SSL/TLS key during an administrator’s SSL session. The connected Red Hat/NVD entries alongside CNVD/PRION listings corroborate the device family and vulnerability, with impacts described as exposure of admin communication...
CVE-2019-13398
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...
CVE-2019-13398
CVE-2019-13398 affects Dynacolor FCM-MB40 v1.2.0.0 devices. The vulnerability is a command-injection flaw in CGI scripts (cgi-bin/camctrl_save_profile.cgi and cgi-bin/ddns.cgi) that allows a remote attacker to execute arbitrary commands by supplying crafted parameters. This stems from unsafe inpu...
Fortinet FCM-MB40 Remote Command Execution
A remote command execution vulnerability exists in Fortinet FCM-MB40. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !--...
Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution
Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !-- FCM-MB40 CSRF to RCE as root, by Aaron Blair @xorcat Full...
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !-- FCM-MB40 CSRF to RCE as root, by Aaron Blair @xorcat Full...
Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE...
FortiCam FCM-MB40 Code Execution / Privilege Escalation
Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ Background In March of 2019 I discovered five vulnerabilities in Fortinet's FortiCam FCM-MB401 product. Part-way through disclosing this vulnerability, I discovered that the FCM-MB40 is manufactured by a company called Dynacolo...
CVE-2018-13850
The CVE-2018-13850 entry affects the Firebase Cloud Messaging (FCM) + Advance Admin Panel component used for Firebase Push Notification on iOS (up to 2017-10-26). The underlying issue is a SQL injection vulnerability triggered via the username parameter in /advance_push/public/login. This results...
Security Bulletin: FCM 4.1 UNIX and VMware is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL in some 4.1 FlashCopy Manager components Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An...
Security Bulletin: : Security vulnerabilities have been identified in Tivoli Storage FlashCopy Manager shipped with IBM Db2.
Summary IBM Tivoli Storage FlashCopy Manager FCM is shipped as a component of IBM Db2. Information about security vulnerabilities affecting IBM Tivoli Storage FCM has been published in a security bulletin. Vulnerability Details Please consult the security bulletin "Vulnerabilities in OpenSSL affe...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DB2 LUW. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...