23 matches found
EUVD-2013-4710
Malware in sbrugna...
CVE-2013-4865
Cross-site request forgery CSRF vulnerability in upgradestep2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...
CVE-2013-4864
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery SSRF issue...
CVE-2013-4863
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows 1 remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or 2 remote authenticated users to execute arbitrary Lua code via a RunLua action in a request...
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to 1 update the firmware via the squashfs parameter to upgradestep2.sh or 2 obtain hashed passwords via the cgi-bin/cmh/backup.sh page...
CVE-2013-4861
Directory traversal vulnerability in cgi-bin/cmh/getfile.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. dot dot in the filename parameter...
Design/Logic Flaw
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows 1 remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or 2 remote authenticated users to execute arbitrary Lua code via a RunLua action in a request...
Server side request forgery (ssrf)
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery SSRF issue...
Directory traversal
Directory traversal vulnerability in cgi-bin/cmh/getfile.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. dot dot in the filename parameter...
Design/Logic Flaw
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to 1 update the firmware via the squashfs parameter to upgradestep2.sh or 2 obtain hashed passwords via the cgi-bin/cmh/backup.sh page...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in upgradestep2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...
CVE-2013-4861
MiCasaVerde VeraLite (firmware 1.5.408) is affected by CVE-2013-4861 due to a path traversal flaw in cgi-bin/cmh/get_file.sh that allows remote-authenticated attackers to read arbitrary files by supplying a .. in the filename parameter. The vulnerability enables disclosure of sensitive files such...
CVE-2013-4861
Directory traversal vulnerability in cgi-bin/cmh/getfile.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. dot dot in the filename parameter...
CVE-2013-4862
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to 1 update the firmware via the squashfs parameter to upgradestep2.sh or 2 obtain hashed passwords via the cgi-bin/cmh/backup.sh page...
CVE-2013-4864
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery SSRF issue...
CVE-2013-4865
Cross-site request forgery CSRF vulnerability in upgradestep2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter...
CVE-2013-4865
The CVE-2013-4865 entry concerns MiCasaVerde VeraLite firmware 1.5.408. A cross-site request forgery (CSRF) in upgrade_step2.sh could allow a remote attacker to hijack a user’s authenticated session to perform requests that install arbitrary firmware via the squashfs parameter. This vulnerability...
MiCasaVerde VeraLite UPnP RCE
The remote MiCasaVerde VeraLite Smart Home Controller is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via the UPnP RunLua action, to execute arbitrary shell commands as root. Note that MiCasaVerde VeraLite is reportedly affected by...
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product description: The MiCasaVerd...
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
Exploit for php platform in category web applications Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product description: The MiCasaVerde VeraLite is the budget model fro...