24 matches found
CVE-2020-24054
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
CVE-2020-24052
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
CVE-2020-24053
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
EUVD-2020-16787
Malware in sbrugna...
EUVD-2020-16790
Malware in sbrugna...
EUVD-2020-16789
Malware in sbrugna...
moog-baumaschinen.de Cross Site Scripting vulnerability OBB-3382886
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-24051
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...
CVE-2020-24052
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
CVE-2020-24053
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
CVE-2020-24054
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
Authentication flaw
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...
Hardcoded credentials
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
Command injection
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
Xxe
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
CVE-2020-24054
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
CVE-2020-24054
The CVE-2020-24054 issue affects Moog EXO Series EXVF5C-2 and EXVP7C2-3 administration consoles. The vulnerability arises from a privileged “statusbroadcast” feature that can spawn a specified binary repeatedly at set intervals as root. Although the feature accepts only a binary path without argu...
CVE-2020-24053
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
CVE-2020-24053
The CVE-2020-24053 entry concerns Moog EXO Series devices EXVF5C-2 and EXVP7C2-3 with hardcoded credentials that could expose confidentiality when using FTP, Telnet, or SSH. Root cause is a hardcoded credential vulnerability. Connected sources confirm the affected models and access vectors but do...
CVE-2020-24052
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...