12 matches found
Plug and Track Sensor Net Connect 安全漏洞
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which stems from a cross-site request forge...
PT-2024-23626 · Unknown · Plug&Track Sensor Net Connect V2
Name of the Vulnerable Software and Affected Versions: Plug&Track Sensor Net Connect V2 version 2.24 Description: A Cross-Site Request Forgery CSRF issue can be exploited by remote attackers to perform state-changing operations with administrative privileges. This is done by luring authenticated...
Plug and Track Sensor Net Connect 安全漏洞
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which originates from the insertion of...
Plug and Track Sensor Net Connect 安全漏洞
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which stems from passwords being stored in...
Plug and Track Sensor Net Connect 安全漏洞
Plug and Track Sensor Net Connect is a smart sensor from the French company Plug and Track. It is used to monitor temperature, humidity, pressure, CO2 and other parameters. A security vulnerability exists in Plug and Track Sensor Net Connect version V2, which stems from the presence of cross-site...
Reliance Net Connect website Defaced by Hackers
Reliance Net Connect , a venture of Reliance Communications , one of the leading CDMA & GSM Service providers in India website was Defaced by Hackers two days back. No reason mentioned by hackers but on deface page, Hackers wrote "Hacked by Dr-FreaK and Napsters Cr3w". Defaced site link -...
CVE-2007-3880
CVE-2007-3880 is a format-string vulnerability in the srsexec binary of Sun Remote Services Net Connect (SUNWsrspx), affecting Solaris 8/9/10 via NetConnect 3.2.3/3.2.4. An attacker with local access to a set-UID root srsexec can trigger syslog handling of crafted input containing format specifie...
Sun Solaris srsexec任意文件读取本地信息泄露漏洞
Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris系统的srsexec工具在处理文件访问权限时存在漏洞,本地攻击者可能利用此漏洞读取部分敏感文件内容。 如果安装了SUNWsrspx软件包的话,则该软件包中的srsexec工具可能允许本地攻击者访问敏感信息,如root口令哈希。漏洞起因是没有丢弃或检查目标文件的权限,如果用户指定了verify only模式(-v)及debug(-d)模式的话,且指定了受保护的文件(如/etc/shadow),srsexec就会在debug消息中显示/etc/shadow的第一行。 Sun SRS Net Connect...
Code injection
srsexec in Sun Remote Services SRS Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options...
CVE-2007-2617
srsexec in Sun Remote Services SRS Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options...
CVE-2007-2617
Sun Solaris 10 Net Connect Software Proxy Core srsexec has a local-privilege/file-read flaw: it does not enforce file permissions when opening files in debug (-d) and verbose (-v) modes, allowing a local user to read the first line of arbitrary files. Affected component: srsexec under Sun Remote ...
CVE-2007-2617
srsexec in Sun Remote Services SRS Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. Recent assessments: h00die at March 25, 2020 12:46am UTC...