11 matches found
EUVD-2013-3542
Malware in sbrugna...
EUVD-2013-6587
Malware in sbrugna...
Vulnerabilities in Supermicro BMC IPMI firmware (CVE-2023-40289, CVE-2023-40284, CVE-2023-40287, CVE-2023-40288, CVE-2023-40290, CVE-2023-40285, CVE-2023-40286)
The Binarly research team has discovered multiple vulnerabilities in the Supermicro IPMI firmware component developed by ATEN. Vulnerabilities can be exploited by unauthenticated, remote attackers and could result in obtaining the root of the BMC system. CVE ID| Severity| Issue Type| Description...
CVE-2013-6785
Directory traversal vulnerability in urlredirect.cgi in Supermicro IPMI before SMTX9315 allows authenticated attackers to read arbitrary files via the urlname parameter...
Directory traversal
Directory traversal vulnerability in urlredirect.cgi in Supermicro IPMI before SMTX9315 allows authenticated attackers to read arbitrary files via the urlname parameter...
CVE-2013-6785
CVE-2013-6785 describes a directory traversal vulnerability in the url_redirect.cgi component of Supermicro IPMI before SMT_X9_315. The flaw allows authenticated attackers to read arbitrary files by supplying a crafted value in the url_name parameter. The affected product is Supermicro IPMI (firm...
Supermicro IPMI/BMC Cleartext Password Scanner
!/bin/bash Supermicro IPMI/BMC Cleartext Password Scanner v20140622 by 1N3 http://treadstonesecurity.blogspot.ca Usage: sh supermicroscan.sh proxy ABOUT: Supermicro’s implementation of IPMI/BMC allows remote, unauthenticated attackers to request the file PSBlock via port 49152. This plain text...
Supermicro Onboard IPMI Authenticated Directory Traversal
A directory traversal vulnerability has been reported in Supermicro Onboard IPMI. The vulnerability is due to lack of sanitization of the URL parameters. A remote attacker could exploit this vulnerability by sending a crafted request to an affected server. Successful exploitation may allow an...
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
Overview Supermicro Intelligent Platform Management Interface IPMI implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-3607The Supermicro IPMI web interface contains multiple buffer...
Portable UPnP SDK - 'unique_service_name()' Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Portable UPnP SDK uniqueservicename...
Supermicro IPMI Default Accounts
The IPMI functionality of some Supermicro mainboards comes with two admin accounts by default, which are labeled in the webinterface: "ADMIN" "Anonymous" The official documentation only tells you to change the password of the "ADMIN" account: == Note: The manufacturer default username and passwor...