Security
Headlines
HeadlinesLatestCVEs

Source

Zero Science Lab

Delta Controls enteliTOUCH 3.40.3935 Cross-Site Request Forgery (CSRF)

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Zero Science Lab
#csrf#web
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure

The application suffers from a cleartext transmission/storage of sensitive information in a Cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials through a man-in-the-middle attack.

Verizon 4G LTE Network Extender Weak Credentials Algorithm

Verizon's 4G LTE Network Extender is utilising a weak default admin password generation algorithm. The password is generated using the last 4 values from device's MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string 'LTEFemto' resulting in something like 'LTEFemtoD080' as the default Admin password.

ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability

The application suffers from an authenticated stored XSS vulnerability. The issue is triggered when input passed to the 'Name' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure

The application is vulnerable to improper access control that allows an authenticated operator to disclose SHA1 password hashes (client-side) of other users/operators.

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD

The SCADA controller is vulnerable to unauthenticated file write/overwrite and delete vulnerability. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability.

H3C SSL VPN Username Enumeration

The weakness is caused due to the login script and how it verifies provided credentials. An attacker can use this weakness to enumerate valid users on the affected application via 'txtUsrName' POST parameter.

Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)

The application is prone to a DoS after receiving a long server response (more than 2K bytes) leading to 100% CPU consumption.

OpenBMCS 2.4 Secrets Disclosure

The application allows directory listing and information disclosure of some sensitive files that can allow an attacker to leverage the disclosed information and gain full BMS access.

OpenBMCS 2.4 Unauthenticated SSRF / RFI

Unauthenticated Server-Side Request Forgery (SSRF) and Remote File Include (RFI) vulnerability exists in OpenBMCS within its functionalities. The application parses user supplied data in the POST parameter 'ip' to query a server IP on port 81 by default. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. This can be used by an external attacker for example to bypass firewalls and initiate a service and network enumeration on the internal network through the affected application, allows hijacking the current session of the user, execute cross-site scripting code or changing the look of the page and content modification on current display.