EUVD-2016-3314

Malware in sbrugna...

EUVD-2008-5995

Malware in sbrugna...

OpenElec 6.0.3 / 7.0.1 Code Execution Vulnerability

Exploit for linux platform in category local exploits During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == OVERVIEW == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1...

OpenElec 6.0.3 / 7.0.1 Code Execution

During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == OVERVIEW == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1 User-Interaction: Reboot required Impact: Remote Code...

Design/Logic Flaw

The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...

CVE-2017-6445

The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...

CVE-2017-6445

The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...

CVE-2017-6445

The auto-update feature of Open Embedded Linux Entertainment Center OpenELEC 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely...

CVE-2017-6445

OpenELEC has a CVE-2017-6445 issue affecting the auto-update feature in OpenELEC 6.0.3, 7.0.1, and 8.0.4. The update process uses neither encrypted connections nor signed updates, enabling a man-in-the-middle attacker to tamper with update packages and gain root access remotely. The description a...

OpenELEC and RasPlex Privilege Acquisition Vulnerability

OpenELEC is a Linux embedded operating system that comes with a home theater.RASPLEX is an open, standalone home entertainment system. A security vulnerability exists in OpenELEC and RasPlex that can be exploited by remote attackers to gain access with the help of an SSH session...

OpenELEC Default Credentials (SSH)

OpenELEC is using known default credentials. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-2230

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

Hardcoded credentials

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

CVE-2016-2230

CVE-2016-2230 affects OpenELEC and RasPlex, where the root account has a hardcoded password. This enables remote attackers to access via SSH with high impact (C, I, A likely affected) as indicated by the CVSS metrics in the records. Connected sources corroborate the existence of default credentia...

CVE-2016-2230

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

OpenELEC and RasPlex have a hard-coded SSH root password

Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password on...

OpenElec <= 3.01- (form.php obj) Local File Inclusion Vulnerability

No description provided by source...

Default Password (openelec) for 'root' Account

The account 'root' on the remote host has the password 'openelec'. An attacker can exploit this issue to gain full access to the affected system. Note that a version of Linux optimized for Raspberry Pi ARM computers is known to use these credentials by default. %NASLMINLEVEL 70300 C Tenable Netwo...

CVE-2008-6025

Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the obj parameter...

Directory traversal

Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the obj parameter...