12 matches found
EUVD-2004-2591
Malware in sbrugna...
EUVD-2013-3553
Malware in sbrugna...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
SuperMicro IPMI 03.40 Cross Site Request Forgery
Exploit Title: SuperMicro IPMI 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.supermicro.com/ Software Link: https://www.supermicro.com/en/solutions/management-software/bmc-resources Version: X10DRH-iT motherboards with BIOS 2.0a and...
CVE-2020-15046
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
Cross site request forgery (csrf)
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/configuser.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88...
CVE-2013-3620
Hardcoded WSMan credentials in Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before 3.15 SMTX9315 and firmware for Supermicro X8 generation motherboards before SMT X8 312...
CVE-2013-3619
Intelligent Platform Management Interface IPMI with firmware for Supermicro X9 generation motherboards before SMTX9317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the 1 Lighttpd web server SSL interface and the 2 Dropbear S...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
Command injection
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
CVE-2019-19642
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or...
CVE-2004-2600
The firmware for Intelligent Platform Management Interface IPMI 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is...