Lucene search
K

67 matches found

Cvelist
Cvelist
added 2019/07/08 12:2 a.m.25 views

CVE-2019-13402

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset...

8.9AI score0.01521EPSS
Exploits1References1
CVE
CVE
added 2019/07/08 12:2 a.m.44 views

CVE-2019-13402

CVE-2019-13402 affects Dynacolor FCM-MB40 devices (v1.2.0.0). The issue stems from an incomplete factory-reset process implemented by /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi, which fails to reset system accounts and the full set of services. This can allow...

8.8CVSS8.8AI score0.01521EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/08 12:2 a.m.25 views

CVE-2019-13401

Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...

8.8AI score0.00636EPSS
Exploits1References1
CVE
CVE
added 2019/07/08 12:2 a.m.55 views

CVE-2019-13401

Dynacolor FCM-MB40 devices (v1.2.0.0) are affected by a CSRF vulnerability in all scripts under cgi-bin/. The CNVD entry describes the issue as a cross-site request forgery vulnerability that arises because the product does not adequately verify the origin or authenticity of data, enabling an att...

8.8CVSS8.7AI score0.00636EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/08 12:2 a.m.21 views

CVE-2019-13400

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info...

9.5AI score0.01644EPSS
Exploits1References1
CVE
CVE
added 2019/07/08 12:2 a.m.46 views

CVE-2019-13400

CVE-2019-13400 affects Dynacolor FCM-MB40 v1.2.0.0. The issue arises from storing administrative web-interface credentials in cleartext at /etc/appWeb/appweb.pass, which can be retrieved by accessing cgi-bin/getuserinfo.cgi?mode=info. The vulnerability is evidenced in multiple sources (NVD entry ...

9.8CVSS9.3AI score0.01644EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/08 12:1 a.m.23 views

CVE-2019-13399

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...

5.8AI score0.01137EPSS
Exploits1References1
CVE
CVE
added 2019/07/08 12:1 a.m.50 views

CVE-2019-13399

CVE-2019-13399 affects Dynacolor FCM-MB40 v1.2.0.0, which uses a hard-coded SSL/TLS key during an administrator’s SSL session. The connected Red Hat/NVD entries alongside CNVD/PRION listings corroborate the device family and vulnerability, with impacts described as exposure of admin communication...

5.9CVSS5.8AI score0.01137EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/08 12:1 a.m.29 views

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...

7.5AI score0.04149EPSS
Exploits1References1
CVE
CVE
added 2019/07/08 12:1 a.m.50 views

CVE-2019-13398

CVE-2019-13398 affects Dynacolor FCM-MB40 v1.2.0.0 devices. The vulnerability is a command-injection flaw in CGI scripts (cgi-bin/camctrl_save_profile.cgi and cgi-bin/ddns.cgi) that allows a remote attacker to execute arbitrary commands by supplying crafted parameters. This stems from unsafe inpu...

9CVSS7.5AI score0.04149EPSS
Exploits1References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2019/07/07 12:0 a.m.2 views

Fortinet FCM-MB40 Remote Command Execution

A remote command execution vulnerability exists in Fortinet FCM-MB40. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

5.7AI score
Exploits0
0day.today
0day.today
added 2019/06/26 12:0 a.m.229 views

Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !--...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/25 12:0 a.m.105 views

Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution

Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !-- FCM-MB40 CSRF to RCE as root, by Aaron Blair @xorcat Full...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/06/25 12:0 a.m.387 views

Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution

Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE : TBA !-- FCM-MB40 CSRF to RCE as root, by Aaron Blair @xorcat Full...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2019/06/25 12:0 a.m.17 views

Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution

Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/24 12:0 a.m.262 views

FortiCam FCM-MB40 Code Execution / Privilege Escalation

Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ Background In March of 2019 I discovered five vulnerabilities in Fortinet's FortiCam FCM-MB401 product. Part-way through disclosing this vulnerability, I discovered that the FCM-MB40 is manufactured by a company called Dynacolo...

0.6AI score
Exploits0
CVE
CVE
added 2018/07/10 6:0 p.m.46 views

CVE-2018-13850

The CVE-2018-13850 entry affects the Firebase Cloud Messaging (FCM) + Advance Admin Panel component used for Firebase Push Notification on iOS (up to 2017-10-26). The underlying issue is a SQL injection vulnerability triggered via the username parameter in /advance_push/public/login. This results...

9.8CVSS9.4AI score0.01177EPSS
Exploits1References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:40 p.m.26 views

Security Bulletin: FCM 4.1 UNIX and VMware is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL in some 4.1 FlashCopy Manager components Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An...

7.5CVSS0.5AI score0.99999EPSS
Exploits88Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:17 p.m.9 views

Security Bulletin: : Security vulnerabilities have been identified in Tivoli Storage FlashCopy Manager shipped with IBM Db2.

Summary IBM Tivoli Storage FlashCopy Manager FCM is shipped as a component of IBM Db2. Information about security vulnerabilities affecting IBM Tivoli Storage FCM has been published in a security bulletin. Vulnerability Details Please consult the security bulletin "Vulnerabilities in OpenSSL affe...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:36 p.m.22 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM® DB2® LUW (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DB2 LUW. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a...

4.3CVSS0.9986EPSS
Exploits1Affected Software1
Rows per page
Query Builder