33 matches found
EUVD-2020-29854
Malware in sbrugna...
EUVD-2020-29853
Malware in sbrugna...
EUVD-2020-29850
Malware in sbrugna...
EUVD-2020-29855
Malware in sbrugna...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
Iteris Vantage Velocity Command Injection (CVE-2020-9020)
A command injection vulnerability exists in Iteris Vantage Velocity. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Iteris Apache Velocity Security Vulnerability
Iteris Apache Velocity is a software application from the United States Iteris. It is used to create and maintain the open source software functionality associated with the Apache Velocity Engine. A security vulnerability exists in Apache Velocity Engine versions up to 2.2, which can be exploited...
VulnCheck KEV: CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
Iteris Vantage Velocity Field Unit Undocumented Account Vulnerability
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris. The Iteris Vantage Velocity Field Unit has two undocumented accounts, "eclipse/bluetooth", which can be exploited by a remote attacker to submit a special request to execute arbitrary OS commands with ROOT...
Iteris Vantage Velocity Field Unit Cross-Site Scripting Vulnerability
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. A cross-site scripting vulnerability exists in all parameters of the Start Data Viewer function of the /cgi-bin/loaddata.py script in the Iteris Vantage Velocity Field Unit version 2.4.2. The vulnerability ste...
An unspecified vulnerability exists in the Iteris Vantage Velocity Field Unit.
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. A security vulnerability exists in the Iteris Vantage Velocity Field Unit version 2.3.1 and 2.4.2, which originates from a program that assigns global writable privileges to the /root/cleardata.pl and...
Iteris Vantage Velocity Field Unit Operating System Command Injection Vulnerability
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. An operating system command injection vulnerability exists in the Iteris Vantage Velocity Field Unit versions 2.3.1, 2.4.2, and 3.0. An attacker exploits the vulnerability to execute commands via NTP Server...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...