21 matches found
EUVD-2018-6823
Malware in sbrugna...
EUVD-2018-6825
Malware in sbrugna...
EUVD-2018-6824
Malware in sbrugna...
EUVD-2023-37640
Malicious code in bioql PyPI...
CVE-2023-33477
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...
CVE-2023-33477
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...
Path traversal
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...
CVE-2023-33477
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...
CVE-2023-33477
Summary: CVE-2023-33477 concerns Harmonic NSG 9000-6G devices, where an authenticated remote user can obtain source code by directly requesting a crafted path. Multiple connected sources label the issue as a path traversal vulnerability, but the technical details are inconsistent across entries a...
Harmonic NSG 9000 Devices Remote Detection
Detection of presence of Harmonic NSG 9000 Device. The script sends a HTTP GET connection request to the server and attempts to determine if the remote host runs Harmonic NSG 9000 Device from the response. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a...
Directory traversal
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATIONGETFILE" or "POST /PY/EMULATIONEXPORT" with FileName=../../../passwd in the POST data...
CVE-2018-14941
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...
CVE-2018-14942
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATIONGETFILE" or "POST /PY/EMULATIONEXPORT" with FileName=../../../passwd in the POST data...
Code injection
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...
CVE-2018-14943
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account...
CVE-2018-14942
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATIONGETFILE" or "POST /PY/EMULATIONEXPORT" with FileName=../../../passwd in the POST data...
CVE-2018-14943
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account...
CVE-2018-14942
The CVE-2018-14942 entry concerns Harmonic NSG 9000 devices. The vulnerability allows remote authenticated users to perform directory traversal via POST requests, e.g. POST /PY/EMULATION_GET_FILE or POST /PY/EMULATION_EXPORT with FileName=../../../passwd. This is the explicit risk described in mu...
CVE-2018-14943
CVE-2018-14943 affects Harmonic NSG 9000 devices and is due to default credentials: admin (nsgadmin), guest (nsgguest), and config (nsgconfig). The CVE entry cites high-impact potential (confidentiality, integrity, availability) with network access and no user interaction required. Connected reco...
CVE-2018-14941
CVE-2018-14941 affects Harmonic NSG 9000 devices. The issue allows remote authenticated users to read the webapp.py source code via a direct request to the /webapp.py URI, exposing source and potentially sensitive logic. According to the NVD metrics, confidentiality impact is HIGH (CVSS3) with ne...