EUVD-2016-0876

Malware in sbrugna...

Tollgrade Smart Grid EMS LightHouse Vulnerabilities

OVERVIEW Ashish Kamble of Qualys, Inc. has identified vulnerabilities in Tollgrade Communications, Inc.’s Smart Grid LightHouse Sensor Management System SMS Software EMS. Tollgrade has produced a new version to mitigate these vulnerabilities. Ashish Kamble has tested the new version to validate...

Tollgrade SmartGrid LightHouse Sensor Management System Software Arbitrary Password Change Vulnerability

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software is a Web-based smart grid lighthouse sensor management system from Tollgrade, Inc. A security vulnerability exists in Tollgrade SmartGrid LightHouse SMS Software EMS versions prior to 5.1 and 4.1.0 Build 16. A remote attacker...

Tollgrade SmartGrid LightHouse Sensor Management System Software Cross-Site Scripting Vulnerability

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software is a Web-based smart grid lighthouse sensor management system from Tollgrade, Inc. A cross-site scripting vulnerability exists in Tollgrade SmartGrid LightHouse SMS Software EMS versions prior to 5.1 and 4.1.0 Build 16. A remote...

Tollgrade SmartGrid LightHouse Sensor Management System Software Information Disclosure Vulnerability

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software is a Web-based smart grid lighthouse sensor management system from Tollgrade, Inc. A security vulnerability exists in Tollgrade SmartGrid LightHouse SMS Software versions prior to 5.1 and 4.1.0 Build 16. A remote attacker could...

CVE-2016-0865

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors...

CVE-2016-0863

Cross-site request forgery CSRF vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users...

CVE-2016-0863

Cross-site request forgery CSRF vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users...

Code injection

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors...

Information disclosure

Tollgrade SmartGrid LightHouse Sensor Management System SMS Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors...

CVE-2016-0866

The CVE-2016-0866 entry maps to a Cross-site Scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS prior to 5.1 and 4.1.0 Build 16. Affected product: LightHouse EMS web server; vulnerability arises from improper input handling, enabling remote...