71 matches found
Symmetricom SyncServer Unauthenticated - Remote Command Execution
Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability. id: CVE-2022-40022 info: name: Symmetricom SyncServer Unauthenticated - Remote Command Execution author: DhiyaneshDK,mielverkerken severity: critical description: | Microchip Technology...
EUVD-2014-4967
Malware in sbrugna...
EUVD-2020-29860
Malware in sbrugna...
EUVD-2014-4968
Malware in sbrugna...
EUVD-2020-29861
Malware in sbrugna...
EUVD-2020-29858
Malware in sbrugna...
EUVD-2014-4969
Malware in sbrugna...
EUVD-2020-29863
Malware in sbrugna...
EUVD-2020-29864
Malware in sbrugna...
EUVD-2020-29862
Malware in sbrugna...
EUVD-2020-29859
Malware in sbrugna...
EUVD-2014-4970
Malware in sbrugna...
CVE-2020-9034
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users...
CVE-2020-9031
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php...
CVE-2020-9032
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php...
CVE-2020-9033
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php...
CVE-2020-9028
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen when creating a new user...
CVE-2020-9030
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php...
CVE-2020-9029
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php...
Symmetricom SyncServer Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in /controller/ping.php in Symmetricom SyncServer. The S100 through S350 End of Life models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability. This module requires...