25 matches found
EUVD-2020-29854
Malware in sbrugna...
EUVD-2020-29853
Malware in sbrugna...
EUVD-2020-29855
Malware in sbrugna...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
Iteris Vantage Velocity Command Injection (CVE-2020-9020)
A command injection vulnerability exists in Iteris Vantage Velocity. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
An unspecified vulnerability exists in the Iteris Vantage Velocity Field Unit.
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. A security vulnerability exists in the Iteris Vantage Velocity Field Unit version 2.3.1 and 2.4.2, which originates from a program that assigns global writable privileges to the /root/cleardata.pl and...
Iteris Vantage Velocity Field Unit Operating System Command Injection Vulnerability
The Iteris Vantage Velocity Field Unit is a road monitoring field unit from Iteris USA. An operating system command injection vulnerability exists in the Iteris Vantage Velocity Field Unit versions 2.3.1, 2.4.2, and 3.0. An attacker exploits the vulnerability to execute commands via NTP Server...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9024
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
CVE-2020-9025
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9023
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
Design/Logic Flaw
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl executed as root by crond and /root/loadperl.sh executed as root at boot time scripts...
Default credentials
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords User bluetooth, password bluetooth; User eclipse, password eclipse. Also, bluetooth is the root password...
Design/Logic Flaw
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2020-9020
CVE-2020-9020 affects Iteris Vantage Velocity Field Unit firmware versions 2.3.1, 2.4.2, and 3.0. The root cause is an OS command injection via shell metacharacters entered in the NTP Server field processed by the CGI script cgi-bin/timeconfig.py. This could enable remote command execution with h...