82 matches found
EUVD-2017-7966
Malware in sbrugna...
EUVD-2017-7964
Malware in sbrugna...
EUVD-2017-7965
Malware in sbrugna...
Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16788)
Directory traversal vulnerability in the Upload Groupkey functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading...
Meinberg LANTIME Information Disclosure (CVE-2018-10836)
Other logged-in users were visible to info users and admin users through the function 'logged in users'. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Meinberg LANTIME Improper Filename Validation of the Upload Function (CVE-2023-1731)
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. This plugin only works with Tenable.ot. Please visit...
Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16787)
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Meinberg LANTIME Web Interface Cross-site Scripting (CVE-2014-5417)
Cross-site scripting XSS vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
Meinberg LANTIME Arbitrary File Read (CVE-2018-10835)
Admin users were able to exchange web interface data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Meinberg LANTIME Remote Code Execution (CVE-2020-7240)
Meinberg Lantime devices allow attackers with privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script aka Extended Network Configuration. Note: According to the description, the vulnerability requires a fully authenticated super-user account usi...
Meinberg LANTIME Arbitrary File Read (CVE-2018-10834)
Admin and info users were able to read data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16786)
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via 1 the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or 2 vectors involving curl support of the file schema in the...
CVE-2021-46903
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts in violation of expected access control...
CVE-2021-46902
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls...
CVE-2021-46902
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls...
CVE-2021-46903
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts in violation of expected access control...
Input validation
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls...
Improper access control
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts in violation of expected access control...
CVE-2021-46903
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts in violation of expected access control...
Meinberg LANTIME-Firmware Security Vulnerability
Meinberg Funkuhren Meinberg LANTIME-Firmware is a ready-to-use network time protocol server from Meinberg Funkuhren, Germany. A security vulnerability exists in Meinberg LANTIME-Firmware that stems from improper handling of path validation in LTOS-Web-Interface, which allows administrators to rea...