64 matches found
CVE-2018-17891
CVE-2018-17891 affects Carestream Vue RIS, RIS Client Builds 11.2 and earlier on Windows 8.1 with IIS/7.5. A missing Oracle TNS listener causes an HTTP 500 error that leaks technical information, enabling information exposure through error messages. The ICS-CERT advisory (ICSMA-18-277-01) confirm...
Carestream Vue RIS
1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Carestream Equipment: Carestream Vue RIS Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION An attacker with access to the network of the affected system can passively read traffic. 3. TECHNICAL...
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability
Document Title: =============== Secutech DSL WR RIS 330 - Filter Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1988 Release Date: ============= 2018-07-09 Vulnerability Laboratory ID VL-ID: ==================================== 198...
Secutech DSL WR RIS 330 - Filter Bypass Vulnerability
Document Title: =============== Secutech DSL WR RIS 330 - Filter Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1988 Release Date: ============= 2018-07-08 Vulnerability Laboratory ID VL-ID: ==================================== 198...
CVE-2018-10080
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52esFRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wandns.asp request in conjunction with a crafted admin cookie...
CVE-2018-10080
CVE-2018-10080 affects Secutech RiS-11, RiS-22, and RiS-33 devices running firmware 5.07.52_es_FRI01. The vulnerability allows changing DNS settings via the HTTP goform/AdvSetDns?GO=wan_dns.asp endpoint when an attacker has a crafted admin cookie. The connected sources confirm the affected produc...
Secutech RiS-11, RiS-22 and RiS-33 DNS Change Vulnerabilities
The Secutech RiS-11, RiS-22 and RiS-33 are all wireless access point devices from Secutech Venezuela. A security vulnerability exists in the Secutech RiS-11, RiS-22 and RiS-33 using firmware version 5.07.52esFRI01. The vulnerability can be exploited by an attacker to change DNS settings with the...
Secutech RiS-11/RiS-22/RiS-33 5.07.52_es_FRI01 Remote DNS Changer Vulnerability
Exploit for hardware platform in category web applications Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by...
Secutech RiS-11/RiS-22/RiS-33 5.07.52_es_FRI01 Remote DNS Changer
Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices w...
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices w...
TaBi - Track BGP Hijacks
Developed since 2011 for the needs of the French Internet Resilience Observatory , TaBi is a framework that ease the detection of BGP IP prefixes conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called an hijacking AS ,...
BGP Hijack Detection: TaBi
BGP Hijack Detection Developed since 2011 for the needs of the French Internet Resilience Observatory , TaBi is a framework that ease the detection of BGP IP prefixes conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called an...
GRIZZLY STEPPE - Russian Malicious Cyber Activity
The Department of Homeland Security DHS has released a Joint Analysis Report JAR that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. This activity by Russian civilian and military intelligence services RIS is part of an ongoing campaign of cyber-enabled operations directe...
Microsoft Windows RIS TFTP Service Writable Path (MS06-077; CVE-2006-5584)
The Remote Installation Service, RIS, is a Microsoft-supplied server that provides tools that facilitates the remote installation of Microsoft Windows. RIS requires that remote clients have a Preboot eXecution Environment PXE BIOS enabled to remotely execute boot environment variables. On Microso...
Cisco Unified Communications Manager RIS数据收集器服务绕过认证漏洞
BUGTRAQ ID: 29935 CVECAN ID: CVE-2008-2062,CVE-2008-2730 Cisco Unified Communications Manager(CUCM,之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 CUCM的实时信息服务器(RIS)数据收集器服务存在绕过认证漏洞,可能导致非授权泄露某些CUCM集群信息。...
CVE-2008-2062
The Real-Time Information Server RIS Data Collector service in Cisco Unified Communications Manager CUCM before 4.23SR4, and 4.3 before 4.32SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the servic...
CVE-2008-2062
CVE-2008-2062 (CISCO CUCM RIS Data Collector) affects the Real-Time Information Server Data Collector component in Cisco Unified Communications Manager (CUCM) prior to 4.2(3)SR4 and 4.3 prior to 4.3(2)SR1. The issue is an authentication bypass: by connecting directly to the RIS Data Collector por...
Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities Advisory ID: cisco-sa-20080625-cucm Revision 1.0 For Public Release 2008 June 25 1600 UTC GMT...
ris-xss.txt
Hi folks, Description: RIS is a public accessable web application to search/browse Austrian laws, provided by the Government of Austria. It is vulnerable for XSS via a malformed search query. POC: http://www.ris.bka.gv.at/taweb-cgi/taweb?q=%3Cscript%3Ealert1;%3C/script%3E&x=r&v=lroo&o=&db3=LROO...
CVE-2006-5584
CVE-2006-5584 affects Microsoft Windows 2000 SP4 with the Remote Installation Service (RIS) TFTP server, which is by default allowed to accept anonymous writes. The vulnerability arises from anonymous access to the RIS TFTP file structure, enabling remote attackers to upload and overwrite operati...