Showing results for tags 'improper'.

Exploits ClonOs WEB UI 19.09 Improper Access Control
1337day-Exploits posted a topic in Updated Exploits
ClonOs WEB UI version 19.09 suffers from an improper access control vulnerability.

A FortiSIEM Collector connects to a Supervisor/Worker over HTTPS TLS (443/TCP) to register itself and to relay event data such as syslog, netflow, SNMP, etc. When the Collector (the client) connects to the Supervisor/Worker (the server), the client does not validate the server-provided certificate against its root-CA store. Because the client performs no server certificate validation, any certificate presented to the client is considered valid and the connection succeeds. If an attacker spoofs a Worker/Supervisor using an ARP or DNS poisoning attack (or any other MITM attack), the Collector will blindly connect to the attacker's HTTPS TLS server. It will disclose the authentication password used along with any data being relayed. Versions 5.0 and 5.2.1 have been tested and are affected.

Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.

Exploits Totaljs CMS 12.0 Improper Access Control
1337day-Exploits posted a topic in Updated Exploits
Totaljs CMS version 12.0 suffers from a broken access control on an API call.

Open-Xchange AppSuite versions 7.10.1 and below suffer from information exposure and improper access control vulnerabilities.

Exploits Python GnuPG 0.4.3 Improper Input Validation
1337day-Exploits posted a topic in Updated Exploits
Researchers discovered a way to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when symmetric encryption is used. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on the first line of stdin, and the ciphertext to be decrypted or plaintext to be encrypted on subsequent lines. By supplying a passphrase containing a newline, an attacker can control/modify the ciphertext/plaintext being decrypted/encrypted. Proof of concept exploit included. Version 0.4.3 is affected.

Ektron CMS version 9.20 SP2 suffers from an improper access restriction vulnerability.

Android sdcardfs changes current->fs without proper locking.

Collaboration Compliance and Quality Management Platform versions 9.1.1.5482 and below suffer from an improper access control vulnerability.

Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities.