70 matches found
EUVD-2016-9560
Malware in sbrugna...
EUVD-2016-9557
Malware in sbrugna...
EUVD-2016-9565
Malware in sbrugna...
EUVD-2016-9551
Malware in sbrugna...
EUVD-2016-9559
Malware in sbrugna...
Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability (CVE-2016-8716)
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepti...
Moxa AWK-3131A Web Application Cross-Site Request Forgery (CVE-2016-8718)
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authenti...
Moxa AWK-3131A Web Application Multiple Reflected Cross-site Scripting (CVE-2016-8719)
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. This plugin only works...
Moxa AWK-3131A Web Application Ping Command Injection (CVE-2016-8721)
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...
Moxa AWK-3131A Web Application systemlog.log Information Disclosure (CVE-2016-8725)
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. This plugin only works with Tenable.o...
Moxa AWK-3131A Hard-coded Administrator Credentials (CVE-2016-8717)
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices. This...
Moxa AWK-3131A Web Application bkpath HTTP Header Injection (CVE-2016-8720)
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP...
Moxa Web Application Nonce Reuse Vulnerability (CVE-2016-8712)
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. This plugin...
Moxa AWK-3131A serviceAgent Information Disclosure (CVE-2016-8724)
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. This plugin only works with Tenable.ot...
Moxa AWK-3131A HTTP GET Denial of Service (CVE-2016-8723)
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service (CVE-2016-8726)
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Th...
CVE-2016-8717
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...
CVE-2016-8717
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...
Moxa AWK-3131A Series Industrial IEEE Information Disclosure Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the Web Application feature of the Moxa AWK-3131A using firmware version 1.1. A remote attacker can exploit this vulnerability by retrieving a URL to obtain sensitive information...
Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716)
Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...