34 matches found
EUVD-2018-17774
Malware in sbrugna...
EUVD-2018-18651
Malware in sbrugna...
EUVD-2018-18652
Malware in sbrugna...
EUVD-2018-17775
Malware in sbrugna...
EUVD-2018-18653
Malware in sbrugna...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 and Touch HD 12 Web Applications (CNVD-2019-28247)
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of American c. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. touch HD 12 Web Touch HD 12 Web Application is a web-based touch screen application. A security vulnerability exists in the...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the application logic in the Green Electronics RainMachine Mini-8 Generation 2 that stems from a function that generates a 6-digit temporary password using a has...
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Request Forgery Vulnerability
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 and Touch HD 12 Web Applications
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA.Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...
CVE-2018-6907
A Cross Site Request Forgery CSRF vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...
CVE-2018-6909
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...
CVE-2018-6908
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...
CVE-2018-6908
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...
CVE-2018-6011
The time-based one-time-password TOTP function in the application logic of the Green Electronics RainMachine Mini-8 2nd generation uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of...
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...
CVE-2018-6906
A persistent Cross Site Scripting XSS vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...
Cross site scripting
A persistent Cross Site Scripting XSS vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...
Cross site request forgery (csrf)
A Cross Site Request Forgery CSRF vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API...