Monthly Archive: July 2021

Combodo iTop is an open source, web based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing Graphviz executable path. The vulnerability...

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges...

Information disclosure in Logon Page in MV’s mConnect application v02.001.00 allows an attacker to know valid users from the application’s database via brute force. Date published : 2021-07-21 https://github.com/ifmacedo/mconnect/blob/main/bruteforce https://www.linkedin.com/pulse/descobrindo-usu%C3%A1rios-brute-force-iran/

SQL injection in Logon Page in MV’s mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information....

A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. Date published : 2021-07-21 https://github.com/Piwigo/Piwigo/issues/1158

A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. Date published : 2021-07-21 https://github.com/Piwigo/Piwigo/issues/1157

An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. Date published : 2021-07-21 https://github.com/cc-crack/router/blob/master/motocx2.md https://l0n0l.xyz/post/motocx2/

An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. Date published : 2021-07-21 https://github.com/cc-crack/router/blob/master/motocx2.md https://l0n0l.xyz/post/motocx2/

A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. Date published : 2021-07-21 https://github.com/cc-crack/router/blob/master/motocx2.md https://l0n0l.xyz/post/motocx2/

An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. Date published : 2021-07-21 https://github.com/cc-crack/router/blob/master/motocx2.md https://l0n0l.xyz/post/motocx2/

An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. Date published : 2021-07-21 https://github.com/cc-crack/router/blob/master/motocx2.md https://l0n0l.xyz/post/motocx2/

A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. Date published : 2021-07-21 https://github.com/cc-crack/router/blob/master/motocx2.md https://l0n0l.xyz/post/motocx2/

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted...

Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. Date...