Overview
MEDHOST Connex for all versions contains hard-coded credentials that are
used for customer database access. This is a new vulnerability not related
to CVE-2016-4328.
Description
MEDHOST Connex contains hard-coded credentials that are used for customer
database
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time with
Credits: Hal Martin
Website: watchmysys.com
Source:
https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Vendor:
CompuLab (compulab.com)
Product:
Intense PC / MintBox 2
Vulnerability type:
=
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 >
===
title: Open Redirect in Login Page
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS-5-POE
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 >
===
title: Cross-Site Scripting (XSS)
product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP
vulnerable version: Firmware v1.9.1
Advisory: Remote Command Execution as root in REDDOXX Appliance
RedTeam Pentesting discovered a remote command execution vulnerability
in the REDDOXX appliance software, which allows attackers to execute
arbitrary commands with root privileges while unauthenticated.
Details
===
Product: REDD
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
RedTeam Pentesting discovered a vulnerability which allows attackers
unauthenticated access to the diagnostic functions of the administrative
interface of the REDDOXX appliance. The functions allow, for example, to
captu
Advisory: Undocumented Administrative Service Account in REDDOXX Appliance
RedTeam Pentesting discovered an undocumented service account in the
REDDOXX appliance software, which allows attackers to access the
administrative interface of the appliance and change its configuration.
Details
===
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in
REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability
in the REDDOXX appliance software, which allows unauthenticated
attackers to list directory contents and download arbitrary file
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance
RedTeam Pentesting discovered an information disclosure vulnerability in
the REDDOXX appliance software, which allows unauthenticated attackers
to extract valid session IDs.
Details
===
Product: REDDOXX Appliance
Affecte
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure
vulnerability in the REDDOXX appliance software, which allows
unauthenticated attackers to download arbitrary files from the affected
system.
Details
===
Produ
Advisory: Cross-Site Scripting in REDDOXX Appliance
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the REDDOXX appliance software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.
Details
===
Product: REDDOXX Appliance
Affected Versi
12 matches