[Full-disclosure] Arbitrary file disclosure vulnerability in IP3 NetAccess < 4.1.9.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I - TITLE Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise II - SUMMARY Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise Author: Sebastian...

IP3 NetAccess 4.1.9.6 - Arbitrary File Disclosure

IP3 NetAccess 4.1.9.6 - Arbitrary File Disclosure I - TITLE Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise II - SUMMARY Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise Author:...

IP3 NetAccess < 4.1.9.6 - Arbitrary File Disclosure

I - TITLE Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise II - SUMMARY Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise Author: Sebastian Wolfgarten sebastian at wolfgarten dot com Dat...

IP3 NetAccess < 4.1.9.6 Remote Arbitrary File Disclosure Vulnerability

Exploit for hardware platform in category remote exploits ====================================================================== IP3 NetAccess 4.1.9.6 Remote Arbitrary File Disclosure Vulnerability ====================================================================== I - TITLE Security advisory:...

Default credentials

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin...

Command injection

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "" backtick characters in the appliance's command line interface CLI...

CVE-2006-2043

CVE-2006-2043 affects IP3 Networks NetAccess NA75 with the na-img-4.0.34.bin image; backtick characters in the appliance CLI enable local users to gain Unix shell access, indicating a command-injection-style vulnerability in the CLI parsing. No remediation details are provided in the supplied doc...

CVE-2006-2045

CVE-2006-2045 concerns IP3 Networks NetAccess NA75. The shadow password file in na-img-4.0.34.bin is world-readable, enabling local users to view encrypted passwords; the NetAccess database file is world-readable and world-writable, enabling local users to view sensitive data and modify it. No ex...

CVE-2006-2043

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "" backtick characters in the appliance's command line interface CLI...

Multiple vulnerabilities in IP3 Networks &#39;NetAccess&#39; NA75 appliance

-------------------- Multiple vulnerabilities have been identified in IP3 Networks 'NetAccess' NA75 appliance. -------------------- KPMG recommends that owners of a NetAccess NA75 take steps to ensure the security of the device, and that IP3 Networks is contacted to acquire the new firmware that...

Multiple IP3 Networks NetAccess security vulnerabilities

SQL injections, unfiltered shell characters, etc...

CVE-2004-2326

The CVE-2004-2326 entry documents a SQL injection vulnerability in the IP3 Networks NetAccess Appliance that allows remote attackers to bypass authentication via the login or password fields. Affected firmware versions are listed as before 3.1.18b13, with a note that 4.0.34 is also affected. The ...

CVE-2004-2326

SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the 1 login or 2 password. NOTE: this issue was later reported to also affect firmware 4.0.34...

CVE-2004-2326

SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the 1 login or 2 password. NOTE: this issue was later reported to also affect firmware 4.0.34...

IP3 Networks IP3 NetAccess Appliance - SQL Injection

source: https://www.securityfocus.com/bid/9858/info The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application's failure to properly sanitize user input. This issue may allow an attacker to gain full control of the appliance through...