Affected by this issue is some unknown functionality of the file /log/download.php. Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.This issue affects Home Manager Gateway: before v.1.27.12.Ī vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The identifier VDB-243057 was assigned to this vulnerability. The exploit has been disclosed to the public and may be used. It is possible to initiate the attack remotely. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. VDB-243138 is the identifier assigned to this vulnerability.Ī vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. The manipulation of the argument GWLinkId leads to sql injection. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Ī vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. VDB-243590 is the identifier assigned to this vulnerability. The manipulation of the argument messagecontent leads to sql injection. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Ī vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. The associated identifier of this vulnerability is VDB-243591. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.Ī vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. The identifier of this vulnerability is VDB-243716. The manipulation of the argument SessionId leads to sql injection. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim’s browser.Ī vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( ) * Immobilize the vehicle via the safe-immobilizer module ( ) * Get live video through the connected video camera * Send audio messages to the driver ( ) The MQTT server also leaks the location, video and diagnostic data from each connected device. The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The identifier VDB-248265 was assigned to this vulnerability. The manipulation of the argument loginId leads to sql injection. This affects an unknown part of the file /admin/singlelogin.php?submit=1. A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |