CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with ‘super’ CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. Date published :...
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel–accessories?sort= substring. Date published : 2019-03-17 http://packetstormsecurity.com/files/151305/Abantecart-1.2.12-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Jan/59
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. Date published : 2019-03-17 http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Jan/22
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. Date published : 2019-03-17 http://packetstormsecurity.com/files/151333/Podcast-Generator-2.7-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Jan/63
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB)...
SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. Date published : 2019-03-17 http://packetstormsecurity.com/files/151474/SolarWinds-Serv-U-FTP-15.1.6.25-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Feb/5
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. Date published : 2019-03-17 http://packetstormsecurity.com/files/151005/Microweber-1.0.8-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2019/Jan/12
Kentix MultiSensor-LAN 5.63.00 and earlier devices allow Authentication Bypass via an Alternate Path or Channel. Date published : 2019-03-17 http://packetstormsecurity.com/files/151237/Kentix-MultiSensor-LAN-5.63.00-Authentication-Bypass.html https://seclists.org/bugtraq/2019/Jan/21
HMS Industrial Networks Netbiter WS100 3.30.5 and earlier devices have reflected XSS in the login form. Date published : 2019-03-17 https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2018-12-04-001-ec150-ec250-lc310-lc350-ws100-ws200-cve-2018-19694.pdf http://packetstormsecurity.com/files/151119/HMS-Netbiter-WS100-3.30.5-Cross-Site-Scripting.html
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. Date published : 2019-03-17...
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of...
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to...
In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a...
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. Date...