27 matches found
EUVD-2013-4710
Malware in sbrugna...
CVE-2013-4863
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request...
CVE-2013-4864
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue...
CVE-2013-4865
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...
CVE-2013-4861
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...
Design/Logic Flaw
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page...
Design/Logic Flaw
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request...
Directory traversal
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter...
Server-side request forgery (SSRF)
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue...
CVE-2013-4861
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2013-4861
MiCasaVerde VeraLite (firmware 1.5.408) is affected by CVE-2013-4861 due to a path traversal flaw in cgi-bin/cmh/get_file.sh that allows remote authenticated attackers to read arbitrary files by supplying a .. in the filename parameter. The vulnerability enables disclosure of sensitive files such...
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page...
CVE-2013-4862
Vulnerability CVE-2013-4862 affects MiCasaVerde VeraLite firmware 1.5.408. The issue arises from improper access restrictions that enable remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh and (2) retrieve hashed passwords via the cgi-bin/cmh/back...
CVE-2013-4863
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request...
CVE-2013-4863
The CVE-2013-4863 issue affects MiCasaVerde VeraLite with firmware 1.5.408, where the HomeAutomationGateway’s UPnP RunLua interface (port 49451) allows remote execution of arbitrary Lua code. A second channel permits remote authenticated users to run Lua via port_49451/upnp/control/hag. Documente...
CVE-2013-4864
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue...
CVE-2013-4864
MiCasaVerde VeraLite firmware 1.5.408 is affected by a Server-Side Request Forgery (SSRF) vulnerability exposed via the url parameter to cgi-bin/cmh/proxy.sh. Remote attackers can cause the device to initiate HTTP requests to intranet/internal servers. Public references cite Trustwave SpiderLabs ...
CVE-2013-4865
The CVE-2013-4865 entry concerns MiCasaVerde VeraLite firmware 1.5.408. A cross-site request forgery (CSRF) in upgrade_step2.sh could allow a remote attacker to hijack a user’s authenticated session to perform requests that install arbitrary firmware via the squashfs parameter. This vulnerability...