EUVD-2015-2938

Malware in sbrugna...

EUVD-2015-0940

Malware in sbrugna...

ANTlabs InnGate Firmware SQL Injection Vulnerability

ANTlabs InnGate firmware on IG 3100 etc. is a firmware from ANTlabs Singapore for use in IG 3100 gateways and other devices. A SQL injection vulnerability exists in the main.ant file in the ANTlabs InnGate firmware on multiple ANTlabs devices. A remote attacker could execute arbitrary queries on...

ANTlabs InnGate Firmware Cross-Site Scripting Vulnerability

ANTlabs InnGate firmware on IG 3100 etc. is a firmware from ANTlabs Singapore for use in IG 3100 gateways and other devices. A cross-site scripting vulnerability exists in the index-login.ant file in the ANTlabs InnGate firmware on multiple ANTlabs devices. If a user could be tricked into clickin...

Sql injection

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2015-2849

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter...

CVE-2015-2850

Cross-site scripting XSS vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2015-2850

The CVE-2015-2850 issue affects ANTlabs InnGate firmware (IG 3100 and InnGate 3.01 E, 3.10 E, 3.10 M, SG 4, SSG 4). The vulnerability is a Cross-Site Scripting (XSS) in the index-login.ant page, exploitable via the msg parameter. Root cause is improper input handling that allows injected web scri...

CVE-2015-2849

Summary (CVE-2015-2849) : The ANTlabs InnGate firmware (IG3100, InnGate 3.01 E, 3.10 E, 3.10 M, SG 4, SSG 4) contains a SQL injection vulnerability in the main.ant page. The issue arises from the ppli URL parameter; when using HTTPS, a remote attacker can induce arbitrary SQL commands on the unde...

CVE-2015-2849

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter...

ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities

Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. Description CWE-89: Improper Neutralization of Special Elements used in an SQL...

ANTlabs InnGate Firmware Arbitrary File Read/Write Vulnerability

ANTlabs InnGate is a dedicated gateway for hotels. An arbitrary file read/write vulnerability exists in the ANTlabs InnGate firmware, which allows an unauthenticated attacker to exploit the vulnerability to perform read/write operations on the device's file system due to a failure to properly...

CVE-2015-0932

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...

Authentication flaw

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...

CVE-2015-0932

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on por...

CVE-2015-0932

CVE-2015-0932 affects ANTlabs InnGate devices (IG 3100/3101; InnGate 3.00 E, 3.01 E, 3.02 E, 3.10 E; 3.01 G, 3.10 G). The root cause is an unauthenticated rsync daemon on TCP port 873, configured with incorrect default permissions, allowing remote attackers to read and write to arbitrary files on...

Beijing, Shanghai, including hundreds of hotel chains InnGate wireless router there are serious security vulnerabilities-vulnerability warning-the black bar safety net

Latest survey report shows that Beijing, Shanghai, including hundreds of Inn of the InnGate wireless router there are serious security vulnerabilities, an attacker would be able to get the hotel to monitor and document data, to the hotel customers spread computer viruses, and even can access the...

AntLabs InnGate security vulnerability patch

ANTLabs today is expected to roll out patches for a vulnerability in its InnGate Internet gateways that are popular in hospitality and convention locations. The gateways provide temporary Internet access to hotel guests or conference attendees using kiosks, for example. The vulnerability...

Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate has been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance. Description CWE-276: Incorrect...