EUVD-2014-1143

Malware in sbrugna...

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4.0 CVE : CVE-2014-10078,CVE-2014-1007...

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4....

Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure

Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4.0 CVE : CVE-2014-10078,CVE-2014-10079 Description StoreGrid...

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4.0 CVE : CVE-2014-10078,CVE-2014-10079 Description StoreGrid...

Vembu StoreGrid Cross-Site Scripting Vulnerability

Vembu StoreGrid is a suite of enterprise-class data backup software from Vembu USA. A cross-site scripting vulnerability exists in several files in Vembu StoreGrid version 4.4.x, which can be exploited by a remote attacker to inject arbitrary Web script or HTML. The files include:...

Code injection

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash...

CVE-2014-10078

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php...

Input validation

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php...

CVE-2014-10079

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash...

CVE-2014-10078

CVE-2014-10078 is an XSS vulnerability in Vembu StoreGrid 4.4.x affecting the web interfaces at interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. The...

CVE-2014-10079

CVE-2014-10079 affects Vembu StoreGrid 4.4.x. The vulnerability is an information disclosure where the front page of the server web interface leaks the private IP address through a hidden ipaddress form value in the HTML source, caused by incorrect processing of an index.php/ trailing slash. This...

CVE-2014-10078

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php...

CVE-2014-10079

In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash...

Vembu StoreGrid 4.0 Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Vembu StoreGrid - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 4.0 Tested on: Windows Server 2012 StoreGrid is a re-brandable backup solution, which can install 2 services with...

Vembu StoreGrid 4.0 Privilege Escalation

Exploit Title: Vembu StoreGrid - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 4.0 Tested on: Windows Server 2012 StoreGrid is a re-brandable backup solution, which can install 2 services with unquoted service paths. This enables a local privilege...

Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation

Exploit Title: Vembu StoreGrid - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 4.0 Tested on: Windows Server 2012 StoreGrid is a re-brandable backup solution, which can install 2 services with unquoted service paths. This enables a local privilege...

Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation

Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation Exploit Title: Vembu StoreGrid - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 4.0 Tested on: Windows Server 2012 StoreGrid is a re-brandable backup solution, which can install 2...

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

Advisory Overview Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software see Additional Information section include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...