Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS

Input passed to the GET parameter 'userName' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Zero Science Lab
Open in Source
#xss#vulnerability#web#linux#apache#js#git#php#c++#perl#auth#wifi
Osprey Pump Controller 1.0.1 (eventFileSelected) Command Injection

The pump controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'eventFileSelected' HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.

Osprey Pump Controller 1.0.1 (userName) Blind Command Injection

The pump controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'userName' HTTP POST parameter called by index.php script.

Osprey Pump Controller 1.0.1 (pseudonym) Semi-blind Command Injection

The pump controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'pseudonym' HTTP POST parameter called by index.php script.

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

The controller has a hidden administrative account 'admin' that has the hardcoded password 'Mirage1234' that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the device. The backdoor lies in the /home/pi/Mirage/Mirage_ValidateSessionCode.x ELF binary.

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure

The controller suffers from an unauthenticated file disclosure vulnerability. Using the 'eventFileSelected' GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack

The pump controller's ELF binary Mirage_CreateSessionCode.x contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploiting clear-text transmission of sensitive data including session token in URL. Session ID predictability and randomness analysis of the variable areas of the Session ID was conducted and discovered a predictable pattern. The low entropy is generated by using four IVs comprised of username, password, ip address and hostname.

CVE-2023-24253: Security Advisory: Domotica Labs - IKON SERVER

Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability.

CVE-2023-24249: GitHub - z-song/laravel-admin: Build a full-featured administrative interface in ten minutes

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2023-1070: Arbitrary txt files deletion (authenticated) in teampass

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.