16 matches found
EUVD-2018-17774
Malware in sbrugna...
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 and Touch HD 12 Web Applications
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...
CVE-2018-6909
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...
CVE-2018-6908
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...
CVE-2018-6011
The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 2nd generation uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of...
CVE-2018-6906
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...
Cross site scripting
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...
Design/Logic Flaw
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request...
Authentication flaw
An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by...
CVE-2018-6012
CVE-2018-6012 affects the Green Electronics RainMachine Mini-8 (2nd generation). The vulnerability lies in the Weather Service feature: an attacker can inject arbitrary Python code through the 'Add new weather data source' upload function. This implies potential remote code execution with network...
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...
CVE-2018-6906
The CVE-2018-6906 entry concerns a persistent Cross-Site Scripting (XSS) vulnerability in Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. According to the sources, an attacker can inject arbitrary JavaScript through the REST API, enabling an XSS exposure tha...
CVE-2018-6908
The CVE-2018-6908 entry affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Applications. The underlying issue is an authentication bypass in the web interface, enabling an unauthenticated attacker to perform authenticated actions by manipulating the HTTP Host header...