Screen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
e3416b7b51b13c8a02e0377d294d6b4b558ba2a448f681c4ee83ec0d4a9214df
Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the Session ID, one needs to wait for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
0775eb59979d4285d81f3e446995dfddd17a03e6b3fb4d0066b5e60a4d94b27a
Ubuntu Security Notice 6060-3 - USN-6060-1 fixed vulnerabilities in MySQL. The new upstream 8.0.33 version introduced a regression on the armhf architecture. This update fixes the problem. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.33 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.42. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
39f453105706e5aee5e53e888b4188597f22c5d87ecb6d9a75a34de0d747c5bc
Screen SFT DAB 600/C exploit that circumvents the control and requirement of the admin's old password and directly changes the password.
dfcbdbbd5c02702d5532b7a0e38376e5c9b13dc8b11dcbb24c7816464b0a1048
Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the Session ID, one needs to wait for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
e5293775a6d798d227c2626e73ff3e846471a825452ef4ce910c61e4724d48d2
Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the Session ID, one needs to wait for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
2848c1fbf6cfd49fdb794989936933fa8921c22fc36b62a88a8e30d1da63c3aa
Screen SFT DAB 600/C suffers from weak session management that can allow an attacker on the same network to bypass these controls by reusing the same IP address assigned to the victim user (NAT) and exploit crucial operations on the device itself. By abusing the IP address property that is bound to the Session ID, one needs to wait for such an established session and issue unauthorized requests to the vulnerable API to manage and/or manipulate the affected transmitter.
1734aa4dedbdbfbce8e975323fff3ec40c7fd2ae37818906ff3811eabf272f54
Debian Linux Security Advisory 5403-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
bf17b51015328d7d98681df59a418ed89846aef8ff979703c3a45f1a8748f26d
Ubuntu Security Notice 6075-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Irvan Kurniawan discovered that Thunderbird did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service.
bc4899aba071e8e51502ad3336268edf2e3fc101e5d313a1c9d85381039d59ac
RockMongo version 1.1.7 suffers from a persistent cross site scripting vulnerability.
ab8d5c8051cd433bcdcc87ad984c37a9a4b0cb68d3dfa43bde20392849ab68c7
Ubuntu Security Notice 6074-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using the RLBox Expat driver. An attacker could potentially exploit this issue to cause a denial of service.
346f81631285f22c865ab7b35478e031cee120caa1ae43a62cf551e1b82e5769
TinyWebGallery version 2.5 suffers from a persistent cross site scripting vulnerability.
d0088b50facabac5530990ca0137108d985c7d99eeffdf7880acc2fee9b17906
Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
ca0a9fd5ac26d144a3b3fe22c96089ab67f84776e3fc15dfb5ebef70147e7218
Simple Python script to send commands prepared in text files mutated by an example payload string, e.g. multiple A or B letters. Using Fortigate's credentials, a user should be able to use this script to automate a basic fuzzing process for commands available in the CLI.
183513f0d7a7bbd777a50826ac774d0cc927491384f081ad3ae5cf87426b640f
Ubuntu Security Notice 6073-5 - USN-6073-3 fixed a vulnerability in Nova. The update introduced a regression causing Nova to be unable to detach volumes from instances. This update fixes the problem. Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
cd8b9030e981b945b3e851be94b5f09fd82e1f3129b8df483efe80772fe215c4
Epson Stylus SX510W suffers from a power off denial of service vulnerability.
8d05be986e3d06eb86cff6a9f63ec9f332924c2c01171ba39cb6849388b1a6be
Siemens SIMATIC S7-1200 CPU start/stop command cross site request forgery exploit. This older issue elaborates on t4rkd3vilz's CVE-2015-5698 by issuing a POST command to a specified web server path.
bec31b24b62a934362f2aebf30a3c1bbbc8f1ca87a9670d278c3773413280b4c
Online Clinic Management System version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
e04a2261c4b6038aa81e45da694418e47016e3912ab04aae9491b4fcc25a55c1
FLEX versions prior to 1085 Web 1.6.0 suffer from a denial of service vulnerability.
ae0a20928dfa334d84c3e4bae14365283943129dafd6b66b0cb30a235a9f223c