CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...

EUVD-2020-15914

Malware in sbrugna...

CVE-2020-23160

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices...

CVE-2020-23162

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials...

CVE-2020-23162

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials...

CVE-2020-23160

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices...

CVE-2020-23160

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices...

CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...

CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...

Remote file inclusion

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...

Information disclosure

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials...

Remote code execution

Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices...

Pyrescom Termod4 time management access control error

A security vulnerability exists in Pyrescom Termod4 time management devices that stems from the inclusion of local files in the devices allowing an authenticated, remote attacker to traverse directories and read sensitive files via the Maintenance Log menu and manipulate file paths in URLs...

Exploit for CVE-2020-23160

Pyrescom-Termod-PoC This is the Proof-of-concept exploit code...

CVE-2020-23162

Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials...

CVE-2020-23161

Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance Logs menu and manipulating the file-path in the URL...