EUVD-2016-5491

Malware in sbrugna...

EUVD-2016-3381

Malware in sbrugna...

Cross site request forgery (csrf)

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function...

CVE-2016-4504

CVE-2016-4504: Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited (all versions) are affected by a Cross-Site Request Forgery vulnerability caused by the lack of a CSRF token on pages/functions. The vulnerability enables potential unauthorized actions on affected devices, with the ICS-...

Meteocontrol WEB'log arbitrary command execution vulnerability

No description provided by source...

Meteocontrol WEB'log Detection (HTTP)

HTTP based detection of Meteocontrol WEB SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.107004";...

Meteocontrol WEB'log Admin Password Disclosure Vulnerability

Meteocontrol WEB Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it und...

Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)

Exploit Title: Meteocontrol WEB'log - Extract Admin password Discovered by: Karn Ganeshen Vendor Homepage: http://www.meteocontrol.com/en/ Versions Reported: All Meteocontrol WEB'log versions CVE-ID: CVE-2016-2296 Meteocontrol WEB'log - Metasploit Auxiliary Module...

Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)

Exploit for multiple platform in category web applications Exploit Title: Meteocontrol WEB'log - Extract Admin password Discovered by: Karn Ganeshen Vendor Homepage: http://www.meteocontrol.com/en/ Versions Reported: All Meteocontrol WEB'log versions CVE-ID: CVE-2016-2296 Meteocontrol WEB'log -...

Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)

Meteocontrol WEB’log - Admin Password Disclosure Metasploit Exploit Title: Meteocontrol WEB'log - Extract Admin password Discovered by: Karn Ganeshen Vendor Homepage: http://www.meteocontrol.com/en/ Versions Reported: All Meteocontrol WEB'log versions CVE-ID: CVE-2016-2296 Meteocontrol WEB'log -...

Meteocontrol WEB'log Information Disclosure Vulnerability

Meteocontrol WEB'log is a web-based SCADA system that provides energy and power configuration management functions using different connected devices. An information disclosure vulnerability exists in multiple Meteocontrol WEB'log products that could be exploited by an unauthorized attacker to gai...

CVE-2016-2298

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors...

CVE-2016-2297

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."...

Design/Logic Flaw

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors...

Authentication flaw

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...

Improper access control

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."...

CVE-2016-2298

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors...

CVE-2016-2298

Summary of CVE-2016-2298 (Meteocontrol WEB’log) : Affects WEB’log Basic 100, Light, Pro, and Pro Unlimited. The issue is Information Exposure via cleartext data stored or transmitted by the application, driven by an improper access control / authentication bypass vulnerability. Remote attackers c...

CVE-2016-2297

Meteocontrol WEB’log Basic 100, Light, Pro, and Pro Unlimited are affected by CVE-2016-2297 via a hidden/obscured access command shell-like feature that allows remote execution of commands without authentication. The vulnerability, part of an improper access control issue alongside related CVEs i...