Monthly Archive: June 2019

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent...

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems...

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It...

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are...

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It...

In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. Date published : 2019-06-18...

Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. Date published : 2019-06-18 https://www.exploit-db.com/author/?a=8844 https://www.exploit-db.com/exploits/45760

Helpy v2.1.0 has Stored XSS via the Ticket title. Date published : 2019-06-18 https://github.com/helpyio/helpy/releases/tag/2.2.0 https://github.com/helpyio/helpy

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. Date published : 2019-06-18 https://applied-risk.com/labs/advisories https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. Date published : 2019-06-18 https://applied-risk.com/labs/advisories...

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. Date...

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. Date published : 2019-06-18 https://applied-risk.com/labs/advisories https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. Date published : 2019-06-18 https://applied-risk.com/labs/advisories https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02

In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. Date published : 2019-06-18 https://applied-risk.com/labs/advisories https://ics-cert.us-cert.gov/advisories/ICSA-19-078-02