Ovarro TBox (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Ovarro Equipment: TBoxLT2 All models, TBox MS-CPU32, TBox MS-CPU32-S2, TBox RM2 All models, TBox TG2 All models --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Code Injection,...

CVE-2009-5014

The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...

CVE-2009-5015

CVE-2009-5015 affects TurboGears2 (tg2) prior to 2.0.2, where the URL dispatch mechanism exposes controller methods even if @expose is not used. The description notes unspecified impact and attack vectors; the provided connected documents do not elaborate on the root cause, affected components be...

CVE-2009-5014

CVE-2009-5014 affects TurboGears2 (tg2) in its default quickstart config prior to 2.0.2, where a weak cookie salt allows remote attackers to bypass repoze.who authentication via a forged authorization cookie. This vulnerability is closely related to CVE-2010-3852 (Luci) in that both describe inse...