33 matches found
CVE-2025-34156
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
EUVD-2025-35704
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
EUVD-2025-35703
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34155
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34156
CVE-2025-34156 concerns Tibbo AggreGate Network Manager versions before 6.40.05, where an unauthenticated endpoint at /cwmp/happyaxis.jsp exposes sensitive system information. The page discloses Java system properties, server path details, and version information to unauthorized users, creating i...
CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure
Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...
CVE-2025-34155 Tibbo AggreGate Network Manager < 6.40.05 Login Functionality User Enumeration
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34155
CVE-2025-34155 affects Tibbo AggreGate Network Manager versions prior to 6.40.05. The issue is an observable discrepancy in login failure messages that reveals whether a provided username exists, enabling unauthenticated remote user enumeration and potentially aiding targeted brute-force/credenti...
Tibbo AggreGate Network Manager 安全漏洞
Tibbo AggreGate Network Manager is a network monitoring and IT management platform from Tibbo. A security vulnerability exists in Tibbo AggreGate Network Manager versions prior to 6.40.05, which stems from an observable response discrepancy in the login function that could lead to user enumeratio...
Tibbo AggreGate Network Manager 安全漏洞
Tibbo AggreGate Network Manager is a network monitoring and IT management platform from Tibbo. A security vulnerability exists in Tibbo AggreGate Network Manager versions prior to 6.40.05, which originates from an unauthenticated endpoint /cwmp/happyaxis.jsp that exposes sensitive system...
EUVD-2015-7811
Malware in sbrugna...
CVE-2024-12700 Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
There is an unrestricted file upload vulnerability where it is possible for an authenticated user low privileged to upload an jsp shell and execute code with the privileges of user running the web server...
CVE-2024-12700 Tibbo AggreGate Network Manager Unrestricted Upload of File with Dangerous Type
There is an unrestricted file upload vulnerability where it is possible for an authenticated user low privileged to upload an jsp shell and execute code with the privileges of user running the web server...
CVE-2024-12700
CVE-2024-12700 relates to Tibbo AggreGate Network Manager. The provided documents identify an unrestricted file upload vulnerability in the UploaderTempFileController (Tibbo Aggregate Network Manager) that allows an authenticated, low-privileged user to upload a JSP shell and execute arbitrary co...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600...
PT-2024-17717 · Tibbo · Tibbo Aggregate Network Manager
Name of the Vulnerable Software and Affected Versions: Tibbo AggreGate Network Manager affected versions not specified Description: The issue is related to an unrestricted file upload vulnerability. This allows an authenticated user with low privileges to upload a jsp shell, which can then execut...
Tibbo Aggregate Network Manager UploaderTempFileController Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class. The issue results from the lack of...
Information Disclosure Vulnerability in Taiwan Tibbo Group AggreGate SCADA-HMI Industrial Software
AggreGate SCADA/HMI is a system for visualizing and operating processes, production flows, machines and equipment. It is a multi-user distributed solution that provides monitoring and surveillance for many industries. An information disclosure vulnerability exists in Taiwan Tibbo Group's AggreGat...
The vulnerability of the integration platform Tibbo AggreGate, which allows a hacker to load and execute arbitrary Java code.
The vulnerability of the agserverservice.exe module in the Tibbo AggreGate integration platform is related to the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary Java code using a specially crafted XML document...
Tibbo Technology AggreGate权限提升漏洞
No description provided by source...