29 matches found
EUVD-2015-8219
Malware in sbrugna...
EUVD-2015-8218
Malware in sbrugna...
EUVD-2015-8217
Malware in sbrugna...
EUVD-2015-8215
Malware in sbrugna...
Sql injection
SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...
CVE-2015-8334
SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...
CVE-2015-8334
SQL injection vulnerability in the Operation and Maintenance Unit OMU in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request...
CVE-2015-8334
CVE-2015-8334 affects Huawei VCN500 OMU (Operation and Maintenance Unit). The vulnerability allows remote authenticated users to execute arbitrary SQL commands via crafted HTTP requests in VCN500 firmware before V100R002C00SPC201. Impact: SQL injection in the OMU could expose or modify database d...
CVE-2015-8335
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log...
CVE-2015-8333
The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets...
CVE-2015-8331
The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID...
Information disclosure
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log...
Design/Logic Flaw
The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID...
Design/Logic Flaw
The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets...
CVE-2015-8333
The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets...
CVE-2015-8331
The Operation and Maintenance Unit OMU in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID...
CVE-2015-8333
The CVE-2015-8333 issue affects Huawei VCN500: the Operation and Maintenance Unit (OMU) before V100R002C00SPC200 allows remote authenticated users to change the media server IP address via crafted packets due to improper user privileges. The Huawei security advisory HWPSIRT-2015-07045 notes this ...
CVE-2015-8335
Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading the log...
CVE-2015-8335
Huawei VCN500 (software prior to V100R002C00SPC201) stores user passwords in plaintext in logs, enabling remote authenticated users to obtain sensitive information by triggering log generation and reading the logs. The issue is caused by plaintext password logging in the device’s logging mechanis...
CVE-2015-8331
CVE-2015-8331 affects Huawei VCN500’s OMU prior to V100R002C00SPC200, where the session ID is not properly invalidated after an abnormal exit. This allows remote attackers to perform replay attacks by resubmitting a valid session identifier. Impact is described as unauthorized access via the repl...