45 matches found
EUVD-2005-2137
Malware in sbrugna...
EUVD-2018-13234
Malware in sbrugna...
EUVD-2014-3838
Malware in sbrugna...
EUVD-2014-8921
Malware in sbrugna...
EUVD-2014-2977
Malware in sbrugna...
CVE-2018-20687
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
Server-side request forgery (SSRF)
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CVE-2018-20687
An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CVE-2018-20687
An XXE vulnerability exists in Raritan CommandCenter Secure Gateway (CC-SG) before version 8.0.0, in CommandCenterWebServices/.*?wsdl. The flaw allows remote unauthenticated attackers to read arbitrary files or perform server-side request forgery (SSRF) via a crafted DTD in an XML request. Exploi...
Raritan CommandCenter Secure Gateway XML External Entity Injection Vulnerability
Raritan CommandCenter Secure Gateway (CC-SG) is a data center server management solution from Raritan. The product provides remote control, centralized authentication, authorization and logging. A code issue vulnerability exists in Raritan versions prior to 8.0.0. The vulnerability stems from an...
Raritan CommandCenter Secure Gateway Cross-Site Scripting Vulnerability
Raritan CommandCenter Secure Gateway (CC-SG) is a data center server management solution from Raritan. The product provides remote control, centralized authentication, authorization and logging. A cross-site scripting vulnerability exists in Raritan CommandCenter Secure Gateway, which can be...
Raritan CommandCenter Secure Gateway Cross Site Scripting
I. VULNERABILITY: XSS Vulnerability on Raritan CommandCenter Secure Gateway. II. CVE REFERENCE: -. III. VENDOR: https://www.raritan.com/support/product/commandcenter-secure-gateway. IV. TIMELINE: ...
Raritan PowerIQ Rails RCE Vulnerability
Raritan PowerIQ is prone to a remote code execution (RCE) vulnerability.
Raritan PowerIQ Detection (HTTP)
HTTP-based detection of Raritan PowerIQ.
Raritan PowerIQ Default Accounts
Hello list, Raritan PowerIQ ships with a few default accounts and passwords/hashes. For the web interface, there are technically 3 default users. webapi:sl33p30F00dumass! epiqapi:raritan admin:raritan You can technically authenticate with the epiqapi user on the web interface and the PowerIQ API,...
Raritan PowerIQ 4.1 / 4.2 / 4.3 Code Execution
Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret of 8e238c9702412d475a4c44b7726a0537. This can be used to achieve unauthenticated remote code execution as the nginx user on vulnerable systems. msf exploit(rails_secret_deserialization) > show...
CVE-2014-9095
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records...
SQL injection
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records...
CVE-2014-9095
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records...
CVE-2014-9095
CVE-2014-9095 affects Raritan Power IQ versions 4.1.0 and 4.2.1, where SQL injection is possible through the sort or dir parameters in license/records. The vulnerability allows remote attackers to execute arbitrary SQL commands. Public references confirm the issue and CVSS v2 base score 7.5 (High...