Advisory: Remote Command Execution as root in REDDOXX Appliance
RedTeam Pentesting discovered a remote command execution vulnerability
in the REDDOXX appliance software, which allows attackers to execute
arbitrary commands with root privileges while unauthenticated.
Details
===
Product:
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure
vulnerability in the REDDOXX appliance software, which allows
unauthenticated attackers to download arbitrary files from the affected
system.
Details
===
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in
REDDOXX Appliance
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability
in the REDDOXX appliance software, which allows unauthenticated
attackers to list directory contents and download arbitrary
Advisory: Cross-Site Scripting in REDDOXX Appliance
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the REDDOXX appliance software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.
Details
===
Product: REDDOXX Appliance
Affected
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance
RedTeam Pentesting discovered a vulnerability which allows attackers
unauthenticated access to the diagnostic functions of the administrative
interface of the REDDOXX appliance. The functions allow, for example, to
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 >
===
title: Cross-Site Scripting (XSS)
product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP
vulnerable version: Firmware v1.9.1
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 >
===
title: Open Redirect in Login Page
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS-5-POE
Credits: Hal Martin
Website: watchmysys.com
Source:
https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Vendor:
CompuLab (compulab.com)
Product:
Intense PC / MintBox 2
Vulnerability type:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time
Overview
MEDHOST Connex for all versions contains hard-coded credentials that are
used for customer database access. This is a new vulnerability not
related to CVE-2016-4328.
Description
MEDHOST Connex contains hard-coded credentials that are used for customer
database
10 matches